NASA Security Operations Center (SOC) General Security Bulletin Monster.com/USAJobs.gov Breach & Information Theft
Security Operations Center (SOC)
General Security Bulletin
Distribution: NASA Civil Servants & Contractors
Originator: Scott.Roberts@nasa.gov Date/Version: 2009.01.27.V1
Project Manager: John Wang
Subject: Monster.com/USAJobs.gov Breach & Information Theft
Summary: User information from USAJobs was compromised when their technology provider, Monster, was accessed without authorization.
Details: Monster, the technology provider for USAJobs.gov, was the target of an illegal attempt to access and extract information from their database. When the database was accessed, user contact and account data were taken.
The following information was compromised:
- Monster User IDs
- Monster User Passwords
- User Email Addresses
- User Names
- User Phone Numbers
- Demographic Information
The following information was not compromised:
- User Social Security Number
- User Financial Information
- User Resumes
Mitigation:
Monster recommended the following mitigation steps:
- Change Monster/USAJobs password. (This may be required by Monster/USAJobs in the future)
- Be alert for phishing emails that may utilize information from this compromise. Monster will never send an unsolicited email asking users to confirm their username and password, nor will Monster ask users to download any software, “tool” or “access agreement” in order to use their Monster account. Do not follow any unsolicited links in email or download and install any unexpected applications or applications not requested.
The NASA SOC recommends the following actions: . In addition to resetting Monster.com/USAJobs.gov passwords, users should change the passwords of any NASA resource that is using the same or a similar password. . Do not use the same login and passwords for your NASA accounts as you would for your personal accounts.
Resources: The following links may provide further information regarding this malicious activity:
USA JOBS – Attention USAJOBS(R) Users: http://www.usajobs.com/securityNotice.asp
Monster January Security Communication: http://help.monster.com/besafe/jobseeker/index.asp
Monster Online User Security Center: http://my.monster.com/securitycenter/
The NASA SOC is tracking this threat. Users can contact the 24 x 7 x 365 NASA Security Operations Center (NASA SOC) Call Center with any questions at the following number: 1-877-NASA-SEC (1-877-627-2732)