Hackers steal details of 4.5m users of Monster.co.uk in Britain's biggest cyber theft case
The personal details of 4.5 million people have been stolen from a recruitment website in Britain's biggest case of cyber theft.
Hackers accessed the confidential information of job seekers registered with Monster.co.uk and now hold electronic copies of their user names, passwords, telephone numbers and email addresses.
Information such as birth dates, gender and ethnicity was also taken, along with 'basic demographic data'. The victims are mainly professionals.
Monster.co.uk has posted a message on the site advising all customers to change their passwords immediately.
'We regret any inconvenience this may cause you, but feel it is important that you take these preventative measures,' the message said.
Experts today warned the data could be used by gangs to open fake bank accounts or take out loans in the names of customers.
'It's a horrendous breach,' said Graham Cluley of computer security firm Sophos.
'These hackers could now use the passwords to access email and online bank accounts. The information they have can be used to cause all kinds of mischief.'
Mr Cluley said there were growing concerns that criminals could use the information to access people's bank details since users often used the same password.
It is also feared the hackers will use the information to launch so-called phishing attacks, using the information stolen from Monster to trick users into giving out more details.
'One very real risk is that hackers will use the email addresses and personal information they have received to mount a phishing campaign, attempting to gather more sensitive information about victims,' said Mr Cluley.
'Phishing emails which attempt to look more legitimate by using the recipient's real name and other personal information are always more successful.'
The Information Commissioner's Office, the privacy watchdog, said that it would investigate the breach.
'The ICO does not hesitate to investigate the most serious cases where sensitive details or large collections of personal information fall into the wrong hands,' a spokesman said.
Police on both sides of the Atlantic are also expected to investigate. The Serious Organised Crime Agency said it was aware of the situation.
Monster.com, the site's U.S. owner, said the stolen data did not contain details of CVs or financial information.
'We are taking appropriate law enforcement action,' a spokeswoman said.
'It is important to know the company continually monitors for any illicit use of information in our database, and so far, we have not detected the misuse of this information.'
It is the third time in two years that security at the world's largest recruitment site has been breached.
It is also the largest breach of confidential data since the details of 25 million child benefit recipients were lost from HM Revenue and Customs two years ago.
In August 2007 Monster.com's database was infected by a virus called infostealer. monstres, which siphoned off more than 1.6 million records, mostly of customers based in the US.
A Russian gang was said to be responsible. It was found to be selling 'identity harvesting services' to fraudsters. THE MAIL