Category: privacy


Investigating the Monster.com Security Breach

Filed under: breach, business, infosecurity, monster.com, privacy, security2 Comments
September 10, 2007

During the week of August 27th, Monster.com had a major security breach.  More than 1.3 million records of resume contact information were found to have been pilfered off both the Monster.com site as well as the USAJobs.gov site.  While this information doesn’t include any highly secure informations such as financial and social security numbers, it is still information that can be used with phishing and spam email.  During the investigation, Monster found that this wasn’t the first time that information had been taken this way from their site.

 In response to this breach, Monster.com sent letters out to the victims informing them of the theft of their information.  One of my friends was one such user.  The letter is filled with corporate speech detailing their regret as well as the address to a part of the monster site that details about phishing and ways to avoid being a victim.

 Another action Monster took in response to this event was a promise to their users to step up site monitoring and to spend $80 to $100 million in site upgrades.  According to a Reuters news article, the site had lost between 200 to 300 job seekers’ support. Monster has set up a security center for people to learn more about email phishing and what happened with the security breach.

 Besides the impact this had on increased site security spending, the overall effect consumer effect does not seem to be that steep.  Losing 200 to 300 people out of 1.3 million is much less than 1%. As for internet feedback, most blog output on the matter seem to just be rehashing or adding facts about the incident as well as talking generally about the need in big business for more internet security spending.  The concensus seems to be “its happening again,…. drat”, and then they go back to their normally scheduled program.  Security breaches are becoming so common that the public is becoming less phased by the breaches and just deals with them. Is this a indication of a more tolerant public concerning internet information security?  Or is lack of large response due to the fact that only basic contact information was stolen.

Interesting indepth blog about the breach

Comment

Introduction and a little bit on privacy and Facebook

Filed under: business, Facebook, JessRae, privacy2 Comments
May 31, 2007

Hello all,

 As my first post, I just wanted to give a little background.  I am currently a MBA student working in Web Strategy in California for the summer before finishing off my last year back at Purdue University.  I am starting this blog to track my way through security of information from the business stand point particularly on the web.  I’m doing an independent study on the subject. 

 I want to start off a little bit with a little talk about Facebook.  I have been reading a post by Tim O’Reilly on O’Reilly Radar entitled Facebook is the Microsoft Office of Social Apps.  The discussion has ranged from saying it is the Office, Windows and Photoshop of Social applications.  There have also been comments about the “so called privacy” that Facebook extends to its users. Mairead commented.

There’s something very unhealthy about talking about “privacy” while freely handing over massive amounts of personal information to a faceless, utterly self-interested corporation. On what planet can that possibly be construed as having anything positive to do with privacy!?!

I would like to respond to this.  Yes, Facebook is handing massive amounts of personal information and yes, they are a self-interested corporation.  However, all self-interested corporations know what keeps them successful and one of Facebook’s competitive advantages is the privacy they give users.  If they mess with that too much, they loose market share and loyal customers.  Consider what happened when they added the News Feeds.  There was a huge outcry about the new features.  The company had to scramble to implement all the privacy features people found necessary. 

Another thought is that in this day and age, more and more information is being held remotely.  Your email, your photos, your health information.  Most people are not in possession of alot of information they believe is private.  Keeping the only copy of your private information yourself is not efficient in any way you think about it.  It is necessary for the information to be out in the world, held by someone else in order for us to be able to go about our normal lives.

Your privacy is held by business.  Your doctor runs a business.  Email servers are owned by a business.  They know that privacy is part of their survival.  When business starts to forget this from time to time, as consumers in this world, we have to be the watchguards that remind business of this fact. 

I’d love to hear everyone’s view on this.

Comment
Design a site like this with WordPress.com
Get started