{"id":4554,"date":"2019-09-06T10:21:54","date_gmt":"2019-09-06T14:21:54","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=4554"},"modified":"2019-09-06T12:08:46","modified_gmt":"2019-09-06T16:08:46","slug":"the-monster-com-breach-the-basics-and-takeaways","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/","title":{"rendered":"The Monster.com Breach: The Basics and Takeaways"},"content":{"rendered":"

\"The<\/p>\n

Another day, another major breach of consumer data due to a third-party. Yesterday, a security researcher discovered an exposed web server containing the r\u00e9sum\u00e9s of job seekers. These r\u00e9sum\u00e9s also included those from Monster.com, a recruitment site tailored for job-seekers.\u00a0\u00a0<\/span><\/p>\n

According to reports, the exposed server contained an unknown number of r\u00e9sum\u00e9s and CVs from between 2014 and 2017; a single folder dated to May 2017 contained thousands of r\u00e9sum\u00e9s. Of course, these job seeker documents contain personally-identifying-information including phone numbers, home addresses, email addresses, and prior work experience.\u00a0<\/span><\/p>\n

\t\t\t

\"Download<\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/p>\n

Additionally, the exposed files included immigration documentation, although Monster.com does not collect this information. The server was removed, but thousands of r\u00e9sum\u00e9s remain accessible through search engine caches.\u00a0<\/span><\/p>\n

The company released a statement attributing the server to a third-party recruitment customer. While Monster.com stated they no longer work with this third-party, they also declined to identify them.\u00a0<\/span><\/p>\n

However, Monster.com did not alert users to the data exposure at first; they only admitted to the breach to their users after a security researcher alerted fellow publication <\/span>TechCrunch<\/span><\/a>. Granted, Monster did not breach the data themselves, but this has led to questions about the responsibility of data collectors after the fact.\u00a0<\/span><\/p>\n

According to the company statement \u201ccustomers that purchase access to Monster\u2019s data\u2014candidate r\u00e9sum\u00e9s and CVs\u2014become the owners of the data and are responsible for maintaining its security. Because customers are the owners of this data, they are solely responsible for notifications to affected parties in the event of a breach of a customer\u2019s database.\u201d<\/span><\/p>\n

The company did not have a legal obligation to alert regulators in this case, although it is considered a best practice to do so.<\/span><\/p>\n

Takeaways from the Monster.com Breach<\/b><\/h3>\n

First and foremost, watch your third-party privileges and data movement. Third-parties possess and often deserve a notorious reputation for exposing and otherwise risking data. In other cases, they may obtain privileges to your data far beyond their role in your enterprise. Make sure you govern your third-parties\u2019 identities to ensure they fit with your cybersecurity policies.\u00a0<\/span><\/p>\n

Second<\/span>, you need to alert users if your enterprise does suffer a security incident that affects them\u2014even if you do not have an obligation. While a data breach can seem damaging, refusing to accept any responsibility can create a worse image. Of course, this may not reflect on Monster itself as it didn’t lose the data, but one of the companies involved must step up in cases of data breaches.\u00a0\u00a0<\/span><\/p>\n

Yet the most important conversation may involve the obligations companies have when selling, purchasing, and storing user data. This conversation only grows in importance by the day, even as we grapple with its implications.\u00a0 \u00a0<\/span><\/p>\n

You can work to improve your identity security and permissions controls with our 2019 Identity Management Buyer\u2019s Guide<\/a>.\u00a0<\/span><\/p>\n


Widget not in any sidebars
<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Another day, another major breach of consumer data due to a third-party. Yesterday, a security researcher discovered an exposed web server containing the r\u00e9sum\u00e9s of job seekers. These r\u00e9sum\u00e9s also included those from Monster.com, a recruitment site tailored for job-seekers.\u00a0\u00a0 According to reports, the exposed server contained an unknown number of r\u00e9sum\u00e9s and CVs from […]<\/p>\n","protected":false},"author":41,"featured_media":4381,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[6,1],"tags":[142,16,112,1226,76,70,1228,1227,1229,30],"acf":[],"yoast_head":"\nThe Monster.com Breach: The Basics and Takeaways<\/title>\n<meta name=\"description\" content=\"Yesterday, a security researcher discovered an exposed web server containing the r\u00e9sum\u00e9s of job seekers including from Monster.com\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/\",\"name\":\"The Monster.com Breach: The Basics and Takeaways\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/05\/Multifactor-authentication-mod.jpg\",\"datePublished\":\"2019-09-06T14:21:54+00:00\",\"dateModified\":\"2019-09-06T16:08:46+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Yesterday, a security researcher discovered an exposed web server containing the r\u00e9sum\u00e9s of job seekers including from Monster.com\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/05\/Multifactor-authentication-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/05\/Multifactor-authentication-mod.jpg\",\"width\":801,\"height\":413,\"caption\":\"Identity Management Providers: Best of 2021 and Beyond\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Monster.com Breach: The Basics and Takeaways\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer's Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Monster.com Breach: The Basics and Takeaways","description":"Yesterday, a security researcher discovered an exposed web server containing the r\u00e9sum\u00e9s of job seekers including from Monster.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/","url":"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/","name":"The Monster.com Breach: The Basics and Takeaways","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/05\/Multifactor-authentication-mod.jpg","datePublished":"2019-09-06T14:21:54+00:00","dateModified":"2019-09-06T16:08:46+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Yesterday, a security researcher discovered an exposed web server containing the r\u00e9sum\u00e9s of job seekers including from Monster.com","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/05\/Multifactor-authentication-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/05\/Multifactor-authentication-mod.jpg","width":801,"height":413,"caption":"Identity Management Providers: Best of 2021 and Beyond"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/the-monster-com-breach-the-basics-and-takeaways\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"The Monster.com Breach: The Basics and Takeaways"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, & Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer's Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4554"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=4554"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4554\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/4381"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=4554"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=4554"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=4554"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}