400,000 email addresses exposed by Irish recruitment website hack

by Graham Cluley on February 9, 2011 | 1 Comment

Filed Under: Data loss, Law & order

Irish job website RecruitIreland.com is currently offline after being hit by hackers who breached their systems, and stole the names and email addresses of 400,000 users.

Front page of RecruitIreland.com

A statement elsewhere on the website says that the authorities have been informed, and that some users have received spam emails claiming to offer a job. Although in reality the spams are attempting to recruit innocent people as money mules to move funds on behalf of fraudsters.

RecruitIreland statement

Clearly it's a ghastly situation for the RecruitIreland website, and its users have been left exposed by the security breach. Questions will no doubt be asked as to why the sensitive information was not held securely (was encryption being used?) and how it was possible for hackers to steal such valuable data.

It isn't much consolation to the Irish workers who have had their details exposed in this hack, but this isn't the first time that cybercriminals have targeted recruitment websites.

For instance, in 2007 hackers used the Monstres Trojan horse to steal details from Monster.com of jobseekers via recruiter accounts. That hack was unsurprisingly followed up by a widespread phishing email campaign.

There was more bad news for Monster.com two years ago, when its database was compromised and information was stolen. Data stolen then included users' login names, passwords, email addresses, names, and phone numbers.

Tags: , , , , , ,

One Response to 400,000 email addresses exposed by Irish recruitment website hack

  1. Michelle says:
    February 9, 2011 at 5:44 pm

    This is EXACTLY why I use a temporary e-mail address, that I don't use
    ANYWHERE else when I'm searching for a job.

    I set-up a g-mail account with something like bostonapplicant, or chicagojobseeker
    and use it on all the job sites. I never post a resume, I just submit one
    individually with each job I wish to apply for. That way, when I get the,
    "We have reviewed your resume and your skills are exactly what we are
    looking for!" I know it is a SCAM!

    This also protects me in another way. When my potential employer Googles
    my e-mail address, or tries to find it on a social network. It isn't there!
    So they don't find out that my musical taste is stuck back in 80's and
    that I spend too much time watching Family Guy.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can email Graham, subscribe to his updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.