Finding Rachel Steinberg’s blog through Twitter user @themediaishirin. What is going on there is great, by the way – themediaishirin is posting 140 character resumes in hopes to find people employment! On to the point here, this post hit like a hurricane: Job Site Fail. She references the original article that alerted her to the true gravity of the situation on USAToday.

Monster was hacked into again….

Again? Why is it so Monster? Why? Seems also they didn’t have a way to “effectively” inform the millions whose data was just HACKED and put at HIGH RISK. VERY HIGH RISK. Seems an email wouldn’t be wise – can we kind of see their point in their notice (linked below). Twice in the past 6-months according to the article where Rachel found out about it from. Twice? Six months? They have got to be kidding, right?

Why is it Monster can not just look through all that data, the “public” resumes, oh wait they nearly are all public it would seem – well not the resumes according to the Monster Security Alert, and find a competent web team that knows something about security? Oh they might want to add some network security, and maybe, just maybe some physical security as well. You think?

This is inexcusable in my eyes. What about YOUR eyes, YOUR life – is it inexcusable?

There is no reason for this to happen TWICE. None. Monster account deleted. Time to take chances of finding a job elsewhere. Not that Monster ever had much that wasn’t a “pay for work” scam or some other “scam” on there in the first place. Maybe they should require employers to actually have either a Federal Employer Identification Number (FEIN), or State business license number before they can post a job? Maybe, they should only accept employers that have true domain name email addresses, complete with a phone number, rather than accepting Yahoo and Gmail address and job postings without a bit of identifying information – “Company Confidential”, yeah, right. Where was their users’ confidentiality?

The link to the Monster Notification – it points out several things of important note:

“It is important to know the company continually monitors for any illicit use of information in our database, and so far, we have not detected the misuse of this information.”

Yeah, and WE trust Monster to monitor the entire Internet for use of OUR information after they couldn’t even monitor their systems well enough and secure enough to prevent such potential? Twice?

“…we will be instituting a mandatory password reset for all accounts that could potentially be affected. Those affected users will be prompted to change their password on their next login to the site…”

For accounts that could potentially be affected??? Why not for all, just for extra measure? Seems good anyway to do it that way – why “guess” or “get close” to notifying all those that “could” be effected?

“…and create a permanent password that is in compliance with Monster’s password standards.”

If their password standards are like their security standards, maybe it is time find a competitor that does it better and SAFER

” Requiring these password resets helps us ensure that accounts are secure from any fraudulent activities.”

See the first Yeah above. Why should anyone trust them to ensure accounts are secure now? After this again?

Anyway….do you know of a secure employment site, that offers relevant jobs, with actual company data listed that takes care of its people? Share it if you know it – many are in the same situation right now!