400,000 email addresses exposed by Irish recruitment website hack

by Graham Cluley on February 9, 2011 | 1 Comment

Filed Under: Data loss, Law & order

Irish job website RecruitIreland.com is currently offline after being hit by hackers who breached their systems, and stole the names and email addresses of 400,000 users.

Front page of RecruitIreland.com

A statement elsewhere on the website says that the authorities have been informed, and that some users have received spam emails claiming to offer a job. Although in reality the spams are attempting to recruit innocent people as money mules to move funds on behalf of fraudsters.

RecruitIreland statement

Clearly it's a ghastly situation for the RecruitIreland website, and its users have been left exposed by the security breach. Questions will no doubt be asked as to why the sensitive information was not held securely (was encryption being used?) and how it was possible for hackers to steal such valuable data.

It isn't much consolation to the Irish workers who have had their details exposed in this hack, but this isn't the first time that cybercriminals have targeted recruitment websites.

For instance, in 2007 hackers used the Monstres Trojan horse to steal details from Monster.com of jobseekers via recruiter accounts. That hack was unsurprisingly followed up by a widespread phishing email campaign.

There was more bad news for Monster.com two years ago, when its database was compromised and information was stolen. Data stolen then included users' login names, passwords, email addresses, names, and phone numbers.

Tags: , , , , , ,

One Response to 400,000 email addresses exposed by Irish recruitment website hack

  1. Michelle says:
    February 9, 2011 at 5:44 pm

    This is EXACTLY why I use a temporary e-mail address, that I don't use
    ANYWHERE else when I'm searching for a job.

    I set-up a g-mail account with something like bostonapplicant, or chicagojobseeker
    and use it on all the job sites. I never post a resume, I just submit one
    individually with each job I wish to apply for. That way, when I get the,
    "We have reviewed your resume and your skills are exactly what we are
    looking for!" I know it is a SCAM!

    This also protects me in another way. When my potential employer Googles
    my e-mail address, or tries to find it on a social network. It isn't there!
    So they don't find out that my musical taste is stuck back in 80's and
    that I spend too much time watching Family Guy.

    Reply Report comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.