Finding Rachel Steinberg’s blog through Twitter user @themediaishirin. What is going on there is great, by the way – themediaishirin is posting 140 character resumes in hopes to find people employment! On to the point here, this post hit like a hurricane: Job Site Fail. She references the original article that alerted her to the true gravity of the situation on USAToday.

Monster was hacked into again….

Again? Why is it so Monster? Why? Seems also they didn’t have a way to “effectively” inform the millions whose data was just HACKED and put at HIGH RISK. VERY HIGH RISK. Seems an email wouldn’t be wise – can we kind of see their point in their notice (linked below). Twice in the past 6-months according to the article where Rachel found out about it from. Twice? Six months? They have got to be kidding, right?

Why is it Monster can not just look through all that data, the “public” resumes, oh wait they nearly are all public it would seem – well not the resumes according to the Monster Security Alert, and find a competent web team that knows something about security? Oh they might want to add some network security, and maybe, just maybe some physical security as well. You think?

This is inexcusable in my eyes. What about YOUR eyes, YOUR life – is it inexcusable?

There is no reason for this to happen TWICE. None. Monster account deleted. Time to take chances of finding a job elsewhere. Not that Monster ever had much that wasn’t a “pay for work” scam or some other “scam” on there in the first place. Maybe they should require employers to actually have either a Federal Employer Identification Number (FEIN), or State business license number before they can post a job? Maybe, they should only accept employers that have true domain name email addresses, complete with a phone number, rather than accepting Yahoo and Gmail address and job postings without a bit of identifying information – “Company Confidential”, yeah, right. Where was their users’ confidentiality?

The link to the Monster Notification – it points out several things of important note:

“It is important to know the company continually monitors for any illicit use of information in our database, and so far, we have not detected the misuse of this information.”

Yeah, and WE trust Monster to monitor the entire Internet for use of OUR information after they couldn’t even monitor their systems well enough and secure enough to prevent such potential? Twice?

“…we will be instituting a mandatory password reset for all accounts that could potentially be affected. Those affected users will be prompted to change their password on their next login to the site…”

For accounts that could potentially be affected??? Why not for all, just for extra measure? Seems good anyway to do it that way – why “guess” or “get close” to notifying all those that “could” be effected?

“…and create a permanent password that is in compliance with Monster’s password standards.”

If their password standards are like their security standards, maybe it is time find a competitor that does it better and SAFER

” Requiring these password resets helps us ensure that accounts are secure from any fraudulent activities.”

See the first Yeah above. Why should anyone trust them to ensure accounts are secure now? After this again?

Anyway….do you know of a secure employment site, that offers relevant jobs, with actual company data listed that takes care of its people? Share it if you know it – many are in the same situation right now!

I logged in to my PayPal account yesterday only to notice a charge attempting to come through for Amazon.com on my PayPal Debit card. The funny thing is, the only purchases I have made at Amazon.com this year were paid using a different card, and those transactions have already cleared with the card issuer.

So begins finding out what is going on.

1:30AM Mountain Time

First call was to Amazon.com’s 24-hour customer support. The lady that answered the phone was very friendly, though had a thick accent and obviously didn’t have very good English skills. How do I know this? After providing my email address nearly 4 or 5 times and she still had it incorrect I got the feeling she didn’t understand the basic alphabet when spelled out, even using phrases such as A as in apple, B as in boy to clarify the letters.

So then on to order numbers. I provided her with two order numbers, neither of which she could find in the system. Imagine that. They were placed with Amazon merchants, not directly with Amazon, and thus I explained this to her. Again, she verifies the order numbers and no surprise she had at least 2 digits wrong in each of them, so now I have the feeling she can’t even understand numbers 0-9. So we verify 3-4 more times the order numbers.

At this point, we are nearly 20 minutes into the support call and she still has yet to locate my account, so I ask if she can look it up by my name, by a credit card number, by my address or anything else. She says she can’t do that and mumbles about something else. Finally she puts me on hold for nearly 3 minutes and then comes back asking for my name so she can pull up my account. Mind you I have explained at this point 3 times that the purpose of the call is to report a fraudulent charge coming from Amazon.com to my debit card, that is unrelated to my purchases last week, since they used a different card and had already cleared the issuing bank.

So she pulls up my account, notes the two order from last week, which is amazing since she claimed to have had the proper order numbers before. She then asks which order I am disputing. I explain to her I am not disputing any of the items or order, but I am trying to file a claim of fraudulent charges coming from Amazon.com. She puts me on hold again for several minutes.

After she comes back on the line, the first thing she asks for is my debit card number. No explanation, just “May have your debit card number sir?” I ask her why she needs that at this point, considering she had so much trouble finding me in their system, considering she couldn’t get the order numbers proper and considering she has misunderstood the entire purpose of the call. She said she would like to start an investigation into my orders and needed the debit card number. I explained, once again, that it was being used for an order I DID NOT place. She says she is not sure how she can help me with that, but it would help if she could get my debit card number anyway. At that point I ended the call.

8:30AM Mountain Time

I call PayPal customer support, input the code given from the customer support web site, choose my menu options properly and get to a live person in under 2 minutes. Now that’s cool. The lady that answers the phone pulls up my account, verifies a few bits on information the first time, no problem. She obviously can understand English much better than the Amazon customer service representative I spoke to about 7 hours ago.

She sees the two authorizations that have been attempted by Amazon.com, for $1.00. I validate that I have not used the PayPal debit card on Amazon.com to complete a purchase, though for a time it was listed as one of my payment methods with Amazon.com. She says the card number was probably compromised, or someone has inadvertently switch digits in their card making it the same as mine, which has happened in the past. She notes the best thing to do is to cancel the card and issue a new one. I agree.

Within less than 6 minutes, PayPal answered my call, verified my information, canceled the debit card, issued a new one and apologized for any inconvenience, even thought it does not appear that they are at fault. Take that Amazon.com!

For an interesting read on what I feel may have happened, just check out this blog post here about a potential credit/debit card hack happening. A quote from there reads, “Amazon seems to be a current favorite, based on the fact that a number of the irate forum posters recently shopped there.” The issue in my case is, this card was not used on Amazon.com during my purchases, and in fact the card that Amazon.com was trying to authorize had not been used in several months, since September 2008.