Several job sites run by Trinity Mirror Group have suffered hack attacks, although the newspaper group does not believe any CVs were copied or accessed. JobSearch.co.uk and jobs.mirror.co.uk both suffered hack attacks on 19 May. Blog posts described a "concerted and sophisticated attempt to hack into user accounts". As a …
Seems catching as planetrecruit.com
sent this email
"Attempted access to user records on PlanetRecruit
On the afternoon of 19th May, our security systems detected a concerted and sophisticated attempt to hack into our user accounts on PlanetRecruit. As a precautionary measure we temporarily suspended all user accounts whilst we investigated. We are now able to reactivate all user accounts on PlanetRecruit."
Haven't accessed them for at least 6 years
"concerted and sophisticated attempt to hack into user accounts", translates to, "normal, boring, background brute force attack but we wanted some free advertising".
Sounds like they'll have a vacancy, then
for a new chief of security
Am I the only one...
...that totalylegal.com sounds like a recruitment agency for the adult ent industry?
No, you're not....
...but I'm not going to check it from work to find out.
I think we should be told
Is this simply...
...the latest step for recruitment agents? Hire hackers to get a load of CVs and contact details for them.
Hell, they've tried every other weasel tactic in the book.
"3.5 million CVs exposed"
"no CVs or other personal information was accessed"
...so which is it?
a good thing? you want your CV to reach as many people as possible.
"...although the newspaper group does not believe any CVs were copied or accessed..."
Has ANY contract jobseeker got ANY objection to their CVs being spread around as widely as possible...?
Which is it?
Sub headline: "3.5 million CVs exposed"
Quoted within the story: "no CVs or other personal information was accessed."
Paris, because it's got a question mark in it.
I'm sure it's been pointed out already but just in case:
>3.5 million CVs exposed
>did not get beyond log-in details - no CVs or other personal information was accessed
So which one is it?
>He said they did not where the attack originated from.
Huh? Maybe they did not *know* where the attack originated.
Sorry, Sorry, I mean:
"He said they did not know where the attack originated." There fixed that for you.
"He said they did not know from where the attack originated." There fixed that for you.
Unless he really did say "We did not where the attack originated from."
Death of the reg etc,
Which is it?
I guess the reg policy is to lead with the most dramatic possible consequence of any hacking, regardless of what actually happened.
Future headlines for you
"Hospital site suffers hack attack
Thousands butchered in operating theatres"
"Google suffers hack attack
Billions lost in confused fog of uncertain web-browsing"
"Government site suffers hack attack
Taxes go up, anarchy reigns, millions die"
"..... [T]he newspaper group does not believe any CVs were copied or accessed"? CVs are not even secret anyway! People post them quite freely on their personal web pages and blogs!
If it's CVs you're after, try the following URL:
Not every jobseeker wants their CV to be public knowledge.
I think you'll find that whilst some people are happy to dump their CVs into the public gaze with no control over who's able to read them, other people prefer to maintain some level of control over who's reading them. Some of us just don't like the idea of any old Tom, Didier or Harald being able to grab our personal details, others might be looking to move jobs and would prefer it if their current employer didn't find out until the new job was in the bag.
He said they did not where the attack originated from.
Indeed, they did not. Especially not there.
Very anonymous because...
I was lead developer on one of the sites mentioned for a while before it was bought by Trinity Mirror.
Knowing how they work, if they got the database of passwords they got the database of everything including personal records, it's all in the same table. Yes, plain text passwords, No, that wasn't my idea (and I complained about it frequently), but clearly they haven't changed their methods since I was involved. And the table with the user details also contains the full path & file name for the CV, so it can be downloaded directly by navigating to the URL (there are various reasons mostly for recruiter convenience why CVs are exposed this way).
It was a complete nightmare waiting to happen, I'm just glad I'm not involved any more, and that I've still got records of all my emails requesting we change things to fix this and the management replies.
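A hardened counterpart to the layout described in the comment above (plaintext passwords and a directly downloadable CV path in the same user table), as an added example that is not part of the original thread or the site's code. The table names, function names, storage key and PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, sqlite3

def open_db():
    # Credentials, CV locations and access grants live in separate tables,
    # so a leak of one does not hand over the others.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
                            salt BLOB, pw_hash BLOB);
        CREATE TABLE cvs (token TEXT PRIMARY KEY, owner_id INTEGER,
                          storage_key TEXT);
        CREATE TABLE cv_grants (token TEXT, recruiter_id INTEGER);
    """)
    return db

def _kdf(password, salt):
    # Slow, salted derivation: the stored value cannot be read back as a password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(db, email, password):
    salt = secrets.token_bytes(16)
    cur = db.execute("INSERT INTO users (email, salt, pw_hash) VALUES (?,?,?)",
                     (email, salt, _kdf(password, salt)))
    return cur.lastrowid

def verify(db, email, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email=?",
                     (email,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], _kdf(password, row[0]))

def add_cv(db, owner_id, storage_key):
    # The public handle is a random token, not a file path under the web root.
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO cvs VALUES (?,?,?)", (token, owner_id, storage_key))
    return token

def grant(db, token, recruiter_id):
    db.execute("INSERT INTO cv_grants VALUES (?,?)", (token, recruiter_id))

def fetch_cv(db, token, requester_id):
    # Every download is authorised: owner or explicitly granted recruiter only.
    row = db.execute(
        """SELECT c.storage_key FROM cvs c WHERE c.token=? AND (c.owner_id=?
           OR EXISTS (SELECT 1 FROM cv_grants g
                      WHERE g.token=c.token AND g.recruiter_id=?))""",
        (token, requester_id, requester_id)).fetchone()
    return row[0] if row else None
```

Recruiter convenience is kept through `grant`, while the file location never appears in a URL or in the credentials table.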
I've had ...
... 20,000 job offers this morning. From Nigeria.
Good for you
at least now we'll get properly punctuated SPAM with decent spelling.
"On 19 May, our security systems detected a concerted and sophisticated attempt to access our user accounts on JobSearch. As soon as we became aware of the attempted security breach, we immediately suspended all user accounts whilst we investigated the nature and extent of the breach.
To reactivate your account, click here. Enter your email address into the email field and click the “Send password” button. A temporary password will be emailed to you within a few hours. Please check your spam folders in case it is incorrectly classified. You can then log into your account as normal.
After completing our initial investigations we can confirm that no CV records or job application information were accessed. We do not know whether email addresses and passwords were taken, but we believe that unfortunately you should work on the basis that they were. All passwords were changed within 4 hours of the security breach being identified and we have not seen any attempts to use the expired passwords on our websites.
We apologise for the inconvenience and disruption this illegal activity has caused and assure you that we have taken extensive precautions to prevent any further such attacks.
If you have any questions please call our customer service team on 0207 348 5010 or email firstname.lastname@example.org."