Names and e-mail addresses of some 400,000 job seekers have been harvested by hackers who have breached the RecruitIreland.com site and its systems.
The site has been taken offline for a while, and the server and the database have been shut down to prevent further access. “The present indicators are that our database was breached to get e-mail addresses and names for spamming,” it said in a notice posted on the main page of the site.
They notified the Data Protection Commissioner and the Gardai about the breach, and internal and external investigations are under way. The external investigation is being handled by Brian Honan – the founder and head of Ireland’s CERT and owner of BH Consulting – and the Gardai.
Sophos reports that the e-mails that have been landing into inboxes belonging to the users confirm the theory that the e-mail addresses have been harvested for spamming purposes and recruiting money mules.
The company sent a warning about it to its users and included an example of the offending e-mail:
The site is back online, and even though it seems that usernames and passwords weren’t compromised, users could change their password just in case.
“BH Consulting worked closely with RecruitIreland.com to identify how the web site was compromised and that particular issue has now been addressed,” said Brian Honan when contacted. “Additional measures have also been implemented to enhance the security of the website and we will continue to work with RecruitIreland.com to assure the security of the system. Extensive testing of the website for any security weaknesses has also been conducted and the security of the website is in line with industry recognized standards.”