UK jobs site suffers hack attack

Several job sites run by Trinity Mirror Group have suffered hack attacks, although the newspaper group does not believe any CVs were copied or accessed. JobSearch.co.uk and jobs.mirror.co.uk both suffered hack attacks on 19 May. Blog posts described a "concerted and sophisticated attempt to hack into user accounts". As a …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Seems catching as planetrecruit.com

    sent this email

    "Attempted access to user records on PlanetRecruit

    On the afternoon of 19th May, our security systems detected a concerted and sophisticated attempt to hack into our user accounts on PlanetRecruit. As a precautionary measure we temporarily suspended all user accounts whilst we investigated. We are now able to reactivate all user accounts on PlanetRecruit."

    Haven't accessed them for at least 6 years

  2. Anonymous Coward
    Happy

    Am I the only one...

    ...that totalylegal.com sounds like a recruitment agency for the adult ent industry?

    1. Anonymous Coward
      Thumb Up

      No, you're not....

      ...but I'm not going to check it from work to find out.

      I think we should be told

  3. Pete 2 Silver badge

    Sounds like they'll have a vacancy, then

    for a new chief of security

  4. heynonnymouse coward

    Yeah, yeah

    "concerted and sophisticated attempt to hack into user accounts", translates to, "normal, boring, background brute force attack but we wanted some free advertising".

  5. Anonymous Coward
    Anonymous Coward

    Is this simply...

    ...the latest step for recruitment agents? Hire hackers to get a load of CVs and contact details for them.

    Hell, they've tried every other weasel tactic in the book.

  6. Andy Shaw
    FAIL

    Uh, what?

    "3.5 million CVs exposed"

    "no CVs or other personal information was accessed"

    ...so which is it?

  7. Simon Neill

    surely...

    a good thing? you want your CV to reach as many people as possible.

  8. The Commenter formally known as Matt
    Headmaster

    Huh?

    I'm sure it's been pointed out already but just in case:

    >3.5 million CVs exposed

    >did not get beyond log-in details - no CVs or other personal information was accessed

    So which one is it?

    >He said they did not where the attack originated from.

    Huh? Maybe they did not *know* where the attack originated.

    Sorry, Sorry, I mean:

    "He said they did not know where the attack originated." There fixed that for you.

    or even:

    "He said they did not know from where the attack originated." There fixed that for you.

    Unless he really did say "We did not where the attack originated from."

    Death of the reg etc,

  9. Tim Spence
    Paris Hilton

    Which is it?

    Sub headline: "3.5 million CVs exposed"

    Quoted within the story: "no CVs or other personal information was accessed."

    Paris, because it's got a question mark in it.

  10. Dodgy Geezer Silver badge
    Troll

    Ummm...

    "...although the newspaper group does not believe any CVs were copied or accessed..."

    Has ANY contract jobseeker got ANY objection to their CVs being spread around as widely as possible...?

  11. Gav
    FAIL

    Which is it?

    I guess the reg policy is to lead with the most dramatic possible consequence of any hacking, regardless of what actually happened.

    Future headlines for you

    "Hospital site suffers hack attack

    Thousands butchered in operating theatres"

    "Google suffers hack attack

    Billions lost in confused fog of uncertain web-browsing"

    "Government site suffers hack attack

    Taxes go up, anarchy reigns, millions die"

  12. A J Stiles
    WTF?

    Huh

    "..... [T]he newspaper group does not believe any CVs were copied or accessed"? CVs are not even secret anyway! People post them quite freely on their personal web pages and blogs!

    If it's CVs you're after, try the following URL:

    http://www.google.co.uk/search?q=curriculum+vitae.doc

    1. ChrisC Silver badge
      Thumb Down

      Not every jobseeker wants their CV to be public knowledge.

      I think you'll find that whilst some people are happy to dump their CVs into the public gaze with no control over who's able to read them, other people prefer to maintain some level of control over who's reading them. Some of us just don't like the idea of any old Tom, Didier or Harald being able to grab our personal details, others might be looking to move jobs and would prefer it if their current employer didn't find out until the new job was in the bag.

  13. Anonymous Coward
    Dead Vulture

    He said they did not where the attack originated from.

    Indeed, they did not. Especially not there.

  14. Geoff Mackenzie

    I've had ...

    ... 20,000 job offers this morning. From Nigeria.

    1. Pete 2 Silver badge

      Good for you

      at least now we'll get properly punctuated SPAM with decent spelling.

  15. Anonymous Coward
    Grenade

    Very anonymous because...

    I was lead developer on one of the sites mentioned for a while before it was bought by Trinity Mirror.

    Knowing how they work, if they got the database of passwords they got the database of everything including personal records, it's all in the same table. Yes, plain text passwords, No, that wasn't my idea (and I complained about it frequently), but clearly they haven't changed their methods since I was involved. And the table with the user details also contains the full path & file name for the CV, so it can be downloaded directly by navigating to the URL (there are various reasons mostly for recruiter convenience why CVs are exposed this way).

    It was a complete nightmare waiting to happen, I'm just glad I'm not involved any more, and that I've still got records of all my emails requesting we change things to fix this and the management replies.
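
An added illustration of the alternative to the design described in the comment above (not code from the site or from any commenter): passwords kept as salted scrypt hashes in their own store, and CV files released through an access-checked opaque id instead of a directly browsable path. The table layout, function names and sample values are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed scrypt cost parameters; tune for the deployment's hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

# Hypothetical stores: credentials are kept apart from CV metadata.
CREDENTIALS = {}  # email -> "salt$digest"
CV_FILES = {}     # opaque cv_id -> owner, storage path, grantees


def hash_password(password: str) -> str:
    """Return 'salt$digest' (hex) to store in place of the plaintext."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt; compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.scrypt(
        password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def register(email: str, password: str, cv_path: str) -> str:
    """Create an account; the CV is addressed by a random id, not its path."""
    CREDENTIALS[email] = hash_password(password)
    cv_id = secrets.token_urlsafe(16)
    CV_FILES[cv_id] = {"owner": email, "path": cv_path, "shared_with": set()}
    return cv_id


def share_cv(cv_id: str, recruiter: str) -> None:
    """Owner-initiated grant, e.g. when applying for a job."""
    CV_FILES[cv_id]["shared_with"].add(recruiter)


def resolve_cv(cv_id: str, requester: str):
    """Return the storage path only for the owner or a grantee, else None."""
    record = CV_FILES.get(cv_id)
    if record is None:
        return None
    if requester == record["owner"] or requester in record["shared_with"]:
        return record["path"]
    return None
```
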

  16. Anonymous Coward
    Anonymous Coward

    Actual email

    "On 19 May, our security systems detected a concerted and sophisticated attempt to access our user accounts on JobSearch. As soon as we became aware of the attempted security breach, we immediately suspended all user accounts whilst we investigated the nature and extent of the breach.

    To reactivate your account, click here. Enter your email address into the email field and click the “Send password” button. A temporary password will be emailed to you within a few hours. Please check your spam folders in case it is incorrectly classified. You can then log into your account as normal.

    After completing our initial investigations we can confirm that no CV records or job application information were accessed. We do not know whether email addresses and passwords were taken, but we believe that unfortunately you should work on the basis that they were. All passwords were changed within 4 hours of the security breach being identified and we have not seen any attempts to use the expired passwords on our websites.

    We apologise for the inconvenience and disruption this illegal activity has caused and assure you that we have taken extensive precautions to prevent any further such attacks.

    If you have any questions please call our customer service team on 0207 348 5010 or email custserv@jobsearch.com. "
