Monster.com Data Breach Threatens Job Search Sites’ Effectiveness

Last Friday, Monster.com disclosed that its database was hacked, and that members’ names, usernames, passwords, e-mail addresses, phone numbers and demographic data were compromised in the data breach. The job search site, which boasts over 75 million accounts for job seekers, hasn’t disclosed the number of users whose personal information was stolen.

RELATED STORIES

Monster.com Reports Theft of User Data

Monster.com Data Breach: Share Your Reaction

ID Attach Widens With 1.3 Million Records Stolen from Monster.com

Protecting Your Identity in Your Job Search

This isn’t the first time Monster.com’s database has suffered a break-in: The Maynard, Mass.-based online job board experienced a previous hack in August 2007, which impacted 46,000 job seekers and 1.3 million records, according to Computerworld.

This newest data breach comes days after Monster.com re-launched with a new user interface and new career management tools for job seekers on January 12.

The breach raises the question of whether security breaches like those that have taken place at Monster.com will make job seekers more gun-shy about sharing their work histories and contact information online, and whether their reluctance to share information will dilute the effectiveness of those sites.

Phil Rosenberg, a career coach, doesn’t think the most recent Monster.com data breach will change most job seekers’ behavior on job search sites.

“If we weren’t in a bad recession with a really tough job market, I think it might,” he says. “At the end of the day, people want to eat and work.”

The job seekers who may opt to remove information (such as phone numbers, personal e-mail addresses or mailing addresses) from their job search profiles are more likely to be the passive ones, says Rosenberg, because they have less skin in the job search game.

Employed executives looking for new jobs may also think twice about what they post on job search sites such as Execunet and The Ladders for fear that their employers might find out they’re looking for something new through a breach, he says.

If passive job seekers, who are arguably more appealing than unemployed job seekers, begin to limit the employment and contact information they share on job search sites, and if hiring managers and recruiters can’t reach them as easily as a result, the effectiveness of job boards may be reduced.

Monster.com Users React to the Breach

Monster.com user Chuck Rudisill, a VP of sales for outsourcing services provider NDS, says he’s considering limiting the information he shares on the site.

Rudisill uses Monster.com about three times per week to prospect sales leads: He uses it to see which companies are hiring technical talent and to see which technical skills are in demand. He also has a personal account which he says he checks maybe once a month.

Rudisill hadn’t known about Monster.com’s data breach until CIO.com contacted him for an interview, even though he had surfed the site on Monday—three days after Monster.com posted a small security alert about the breach on its home page. Rudisill says he didn’t see the alert because it’s only on the home page. (He enters the site through a bookmarked page, not the home page.)

He also expressed surprise that Monster.com didn’t notify individual account users of the breach. Monster.com noted on an FAQ page that it decided not to inform users individually of the breach because it didn’t want to risk that “those e-mails would be used as a template for phishing e-mails targeting” its users.

Rudisill, who is on the Do Not Call List, is concerned that his phone number and e-mail address might get “into the wrong hands”—e.g. telemarketers or spammers. So far, he hasn’t noticed any “unusual activity” activity on his cell phone or an uptick in spam since last Friday, but, he says, “I’m not sure how long that’s going to last.”

The sales exec planned to go back to his profile on Monster.com to see what information he had in his account. He said he might remove his phone number and e-mail address from his profile and that he’d be looking to Monster.com for information and recommendations on what to do and how to minimize his exposure. (For information on how to protect your identity in a job search, see the CIO Job Search blog.)

“Am I concerned about the downside of not having my contact information on the site, and people not being able to reach out to me, or [am I concerned about] the loss of privacy,” he asked himself rhetorically. “That’s something I’ll have to decide over the next few weeks.”

Countless other job seekers will no doubt be asking themselves the same question.

Monster.com and CIO.com did not connect in time for this story.