400,000 email addresses exposed by Irish recruitment website hack

Irish job website RecruitIreland.com is currently offline after being hit by hackers who breached their systems, and stole the names and email addresses of 400,000 users.

Front page of RecruitIreland.com

A statement elsewhere on the website says that the authorities have been informed, and that some users have received spam emails claiming to offer a job. Although in reality the spams are attempting to recruit innocent people as money mules to move funds on behalf of fraudsters.

RecruitIreland statement

Clearly it’s a ghastly situation for the RecruitIreland website, and its users have been left exposed by the security breach. Questions will no doubt be asked as to why the sensitive information was not held securely (was encryption being used?) and how it was possible for hackers to steal such valuable data.

It isn’t much consolation to the Irish workers who have had their details exposed in this hack, but this isn’t the first time that cybercriminals have targeted recruitment websites.

For instance, in 2007 hackers used the Monstres Trojan horse to steal details from Monster.com of jobseekers via recruiter accounts. That hack was unsurprisingly followed up by a widespread phishing email campaign.

There was more bad news for Monster.com two years ago, when its database was compromised and information was stolen. Data stolen then included users’ login names, passwords, email addresses, names, and phone numbers.