Feeds

back to article UK jobs site suffers hack attack

Several job sites run by Trinity Mirror Group have suffered hack attacks, although the newspaper group does not believe any CVs were copied or accessed. JobSearch.co.uk and jobs.mirror.co.uk both suffered hack attacks on 19 May. Blog posts described a "concerted and sophisticated attempt to hack into user accounts". As a …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Seems catching as planetrecruit.com

sent this email

"Attempted access to user records on PlanetRecruit

On the afternoon of 19th May, our security systems detected a concerted and sophisticated attempt to hack into our user accounts on PlanetRecruit. As a precautionary measure we temporarily suspended all user accounts whilst we investigated. We are now able to reactivate all user accounts on PlanetRecruit."

Haven't accessed them for at least 6 years

0
0

Yeah, yeah

"concerted and sophisticated attempt to hack into user accounts", translates to, "normal, boring, background brute force attack but we wanted some free advertising".

1
0
Silver badge

Sounds like they'll have a vacancy, then

for a new chief of security

0
0
Happy

Am I the only one...

...that totalylegal.com sounds like a recruitment agency for the adult ent industry?

0
0
Thumb Up

No, you're not....

...but I'm not going to check it from work to find out.

I think we should be told

0
0
Anonymous Coward

Is this simply...

...the latest step for recruitment agents? Hire hackers to get a load of CVs and contact details for them.

Hell, they've tried every other weasel tactic in the book.

1
0
FAIL

Uh, what?

"3.5 million CVs exposed"

"no CVs or other personal information was accessed"

...so which is it?

1
0

surely...

a good thing? you want your CV to reach as many people as possible.

3
0
Silver badge
Troll

Ummm...

"...although the newspaper group does not believe any CVs were copied or accessed..."

Has ANY contract jobseeker got ANY objection to their CVs being spread around as widely as possible...?

0
0
Paris Hilton

Which is it?

Sub headline: "3.5 million CVs exposed"

Quoted within the story: "no CVs or other personal information was accessed."

Paris, because it's got a question mark in it.

0
0
Headmaster

Huh?

I'm sure its been pointed out already but just in case:

>3.5 million CVs exposed

>did not get beyond log-in details - no CVs or other personal information was accessed

So which one is it?

>He said they did not where the attack originated from.

Huh? Maybe they did not *know* where the attack orginated.

Sorry, Sorry, I mean:

"He said they did not know where the attack originated." There fixed that for you.

or even:

"He said they did not know from where the attack originated." There fixed that for you.

Unless he really did say "We did not where the attack originated from."

Death of the reg etc,

0
0
Gav
FAIL

Which is it?

I guess the reg policy is to lead with the most dramatic possible consequence of any hacking, regardless of what actually happened.

Future headlines for you

"Hospital site suffers hack attack

Thousands butchered in operating theatres"

"Google suffers hack attack

Billions lost in confused fog of uncertain web-browsing"

"Government site suffers hack attack

Taxes go up, anarchy reigns, millions die"

1
0
Silver badge
WTF?

Huh

"..... [T]he newspaper group does not believe any CVs were copied or accessed"? CVs are not even secret anyway! People post them quite freely on their personal web pages and blogs!

If it's CVs you're after, try the following URL:

http://www.google.co.uk/search?q=curriculum+vitae.doc

0
0
Thumb Down

Not every jobseeker wants their CV to be public knowledge.

I think you'll find that whilst some people are happy to dump their CVs into the public gaze with no control over who's able to read them, other people prefer to maintain some level of control over who's reading them. Some of us just don't like the idea of any old Tom, Didier or Harald being able to grab our personal details, others might be looking to move jobs and would prefer it if their current employer didn't find out until the new job was in the bag.

0
0
Dead Vulture

He said they did not where the attack originated from.

Indeed, they did not. Especially not there.

0
0
Grenade

Very anonymous because...

I was lead developer on one of the sites mentioned for a while before it was bought by Trinity Mirror.

Knowing how they work, if they got the database of passwords they got the database of everything including personal records, it's all in the same table. Yes, plain text passwords, No, that wasn't my idea (and I complained about it frequently), but clearly they haven't changed their methods since I was involved. And the table with the user details also contains the full path & file name for the CV, so it can be downloaded directly by navigating to the URL (there are various reasons mostly for recruiter convenience why CVs are exposed this way).

It was a complete nightmare waiting to happen, I'm just glad I'm not involved any more, and that I've still got records of all my emails requesting we change things to fix this and the management replies.

1
0

I've had ...

... 20,000 job offers this morning. From Nigeria.

0
0
Silver badge

Good for you

at least now we'll get properly punctuated SPAM with decent spelling.

0
0
Anonymous Coward

Actual email

"On 19 May, our security systems detected a concerted and sophisticated attempt to access our user accounts on JobSearch. As soon as we became aware of the attempted security breach, we immediately suspended all user accounts whilst we investigated the nature and extent of the breach.

To reactivate your account, click here

. Enter your email address into the email field and click the “Send password” button. A temporary password will be emailed to you within a few hours. Please check your spam folders in case it is incorrectly classified. You can then log into your account as normal

.

After completing our initial investigations we can confirm that no CV records or job application information were accessed. We do not know whether email addresses and passwords were taken, but we believe that unfortunately you should work on the basis that they were. All passwords were changed within 4 hours of the security breach being identified and we have not seen any attempts to use the expired passwords on our websites.

We apologise for the inconvenience and disruption this illegal activity has caused and assure you that we have taken extensive precautions to prevent any further such attacks.

If you have any questions please call our customer service team on 0207 348 5010 or email custserv@jobsearch.com. "

0
0
This topic is closed for new posts.