Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Jobs.ie Security Breached.

  • 28-03-2008 6:36pm
    #1
    Closed Accounts Posts: 223 ✭✭Anarking


    Just got an email from Jobs.ie that they let someone illegally download my CV.



    What possible actions can or should I take?


«134

Comments

  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    Action in regards to what?


  • Closed Accounts Posts: 223 ✭✭Anarking


    Im not sure...


    Trying to make sure im not a victim of identity theft I guess, should I notify my bank or what.


  • Closed Accounts Posts: 10,367 ✭✭✭✭watna


    Are your bank details on your CV?

    I'm presuming the only sensitive information you could possibly have on your CV that would lead to identity theft is your name and date of birth. That can be found out from a lot of places. I'd say your ok, although it is bad form by jobs.ie.

    Maybe someone else out there has a better idea of how info on a CV could be used for identity theft. I can't think of anyway.


  • Registered Users, Registered Users 2 Posts: 327 ✭✭celt2005


    You need to get more information on the breach, was it social engineering, or was the site compromised.

    Was it just you, or have other CVs been targetted.

    Definetely tell your bank of this issue, but they mainly ask data like " Mothers Surname" as they are not normally stored on CVs.


    Thanks for the heads up, and keep us informed.


  • Closed Accounts Posts: 508 ✭✭✭SW81


    Has anyone else received this email from Jobs.ie? I'm a bit worried now....can things be done with the information on my CV??


    Dear ..........

    I am writing to bring your attention to a security breach on Jobs.ie which occurred yesterday evening. Although this breach was identified and stopped quickly, a small number of CVs were illegally downloaded. Unfortunately your CV was one of the records taken. I understand and apologise for the concern this will cause you and I want to assure you that we are taking steps to prevent this happening again.

    In the meantime I urge you to exercise extra caution while conducting online activity.
    To help you avoid risk, please follow these key online safety tips:
    • Reputable companies do not request personal details by email, if a company contacts you do not give any personal information until you have established they are legitimate
    • Never give out personal banking information
    • Do not share your passwords with anyone
    • Do not open email attachments if you are suspicious, especially .exe files.
    A dedicated 24 hour customer helpline has been set up to deal with any further questions or concerns you may have. Please call +353 (0)1 680 8699 or email info@jobs.ie


    Again, please accept our apologies for any inconvenience or distress caused.


    Yours sincerely,

    Huw Taylor


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 17,727 ✭✭✭✭Sherifu




  • Closed Accounts Posts: 23,862 ✭✭✭✭January


    My boyfriends CV was taken too. Basically, the were illegally downloaded from the site and they caught it pretty fast apparently.

    Could someone not use your CV to get a job?? Some people put their PPSN on the CV because so many companies ask for them on application forms these days. That could be stolen and used for identity theft...


  • Registered Users, Registered Users 2 Posts: 4,535 ✭✭✭Raekwon


    It seems that recruiters are really scrapping the barrel these days :D


  • Registered Users, Registered Users 2 Posts: 3,323 ✭✭✭Hitchhiker's Guide to...


    moved to work&jobs from consumer issues


  • Closed Accounts Posts: 508 ✭✭✭SW81


    I got one too. When they say a small number of CV's were taken it looks like it's a lot more than that. Kind of freaked out. I mean what can someone do with just my name, address, phone number and past employment?? :eek:


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 7,469 ✭✭✭Pythia


    My was taken too.


  • Registered Users, Registered Users 2 Posts: 4,535 ✭✭✭Raekwon


    Just checked my email account............I got one too :( Oh well, a few weeks of cold calls and spam, hopefully nothing too bad comes of this.


  • Registered Users, Registered Users 2 Posts: 1,108 ✭✭✭mjsmyth


    Mine too....


  • Closed Accounts Posts: 2 Catalyst2222


    Has anyone tried requesting their password from jobs.ie?

    I got the email too but I wasn't sure I ever uploaded a CV to the site, so I went to jobs.ie, clicked on 'forgot password'. I then received an email saying I didn't have a password for this site.

    Seeing as how you need a password in order to upload your CV this doesn't make sense.

    Or have everyone's passwords been scrubbed?


  • Closed Accounts Posts: 3,635 ✭✭✭tribulus


    Mine was taken also. Somehow I get the impression it was more than a small number of CV's.

    I'm a bit annoyed as my mobile was on it but my email address was a college one, soon to be defunct.

    Come to think of it they now know my leaving cert, college results, address, phone numbers, D.O.B. and what schools I went to, yikes.


  • Closed Accounts Posts: 911 ✭✭✭Little-Devil


    tribulus wrote: »
    Mine was taken also. Somehow I get the impression it was more than a small number of CV's.

    I'm a bit annoyed as my mobile was on it but my email address was a college one, soon to be defunct.

    Come to think of it they now know my leaving cert, college results, address, phone numbers, D.O.B. and what schools I went to, yikes.

    I was just reading this post and i got slightly supisous so i checked my e-mail account and i also have the above e-mail.

    I think this is a serious breach by jobs.ie. I was wondering has anyone acutally tried calling the telephone number?

    MY CV has all my personal details like address, telephone number....


  • Registered Users, Registered Users 2 Posts: 80 ✭✭TiptoeMushroom


    I too got that e-mail... Its horrible to think that someone out there knows where i live, what my phone number is, where i used to work, my D.O.B & my qualifications etc. :(


  • Moderators, Regional East Moderators Posts: 21,504 Mod ✭✭✭✭Agent Smith


    Likewise :(


  • Registered Users, Registered Users 2 Posts: 1,403 ✭✭✭The Gnome


    Yeah, got one too. Does seem to be a bit more than "a small number"...:(


  • Closed Accounts Posts: 508 ✭✭✭SW81


    I'm getting more and more worried about this now :(


  • Advertisement
  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    The Gnome wrote: »
    Yeah, got one too. Does seem to be a bit more than "a small number"...:(
    A small number of users is only ever small relative to the number of users there are. Its also a term largely used for damage limitation purposes.


  • Registered Users, Registered Users 2 Posts: 2,152 ✭✭✭dazberry


    I got the email too but I wasn't sure I ever uploaded a CV to the site, so I went to jobs.ie, clicked on 'forgot password'. I then received an email saying I didn't have a password for this site.

    Me too - had the same result - although I never had my CV there. I did have a job search email notification setup at one point.

    D.


  • Registered Users, Registered Users 2 Posts: 1,403 ✭✭✭The Gnome


    A small number of users is only ever small relative to the number of users there are. Its also a term largely used for damage limitation purposes.

    Yeah, I know what you mean. Now that I think about it I don't think I ever uploaded my CV, I've only ever attached it. Does anyone know if an attached CV is stored? Either that or they're covering their bases and emailing everyone.:confused:


  • Closed Accounts Posts: 3,413 ✭✭✭HashSlinging


    me 3. im ringing the 24 hour helpline...hold music


  • Closed Accounts Posts: 12,382 ✭✭✭✭AARRRGH


    If you applied for a job via Jobs.ie, your CV is on their server.

    Jobsites like normally work like this -

    1. You apply for a job.
    2. The employer receives an e-mail with your CV attached.
    3. Your CV is also archived online in the employer's jobsite account

    Bear in mind the likes of Monster.ie allow employers/agencies to search their CV database (for a fee), so your CV could easily get into the wrong hands that way too.

    In fairness to Jobs.ie, a determined hacker could probably break into any computer system (whether via technical or social engineering means.)

    As a programmer myself, I would imagine every CV is stored in the same folder, so all you need is to get access to that folder and you've got yourself hundreds of thousands of CVs.


  • Closed Accounts Posts: 1,821 ✭✭✭useful_contacts


    i got this too, this is scary- i wont be getting any cold calls cos i only just changed my phone number- but my email addy and all is on it- thankfully not my pps no. why would people want to take CVs?


  • Registered Users, Registered Users 2 Posts: 17,727 ✭✭✭✭Sherifu


    My gf got one too.


  • Closed Accounts Posts: 12,382 ✭✭✭✭AARRRGH


    why would people want to take CVs?

    Personal information is valuable.

    Example:

    If I was a recruitment agency, I would love to get my hands on a few hundred thousand Irish CVs. Not only would I have a potential jobseeker I could head hunt, but I would also have contact names for potential clients from the referee section.


  • Closed Accounts Posts: 48 madboggar


    I got a mail as well


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 7,110 ✭✭✭Thirdfox


    I got the email too... :(

    Sue for breach of contract?


  • Closed Accounts Posts: 20 AB25


    I got that email too. Im freaked out. I think that whoever did this knew what they were at.


  • Closed Accounts Posts: 20 AB25


    If they abuse your info, after stealing it, and you can prove it, then you can sue.


  • Registered Users, Registered Users 2 Posts: 11,331 ✭✭✭✭bronte


    I am also one of the lucky few who had their c.v. nicked.
    Kinda pissed off about it tbh. :mad:


  • Closed Accounts Posts: 20 AB25


    What im worried about is that it seems to have been done on purpose. I would be freaked out if someone used my details to get a loan, make a passport or try to take any other info. Sorry,not trying to scare anybody!But i am emailing my bank all the same.:)


  • Registered Users, Registered Users 2 Posts: 11,331 ✭✭✭✭bronte


    My home address, name, personal email and moblie number were on that thing.
    If I end up getting cold called I'm gonna give them hell. :mad:
    Really don't like this.


  • Advertisement
  • Closed Accounts Posts: 508 ✭✭✭SW81


    Small few my arse! Loads of people have had their details taken. This is bad form.

    Realistically though nothing terribly bad can be done with our details can it?


  • Closed Accounts Posts: 20 AB25


    I was trying to figure out how this happened. i didnt upload my cv to the site, the only time i applied for a job on that website was to an employer directly, not an agency. I think they hold it anyway.
    I asked them to tell me more about how this happened but i doubt i will hear anything.
    Has anyone called the phone number??


  • Registered Users, Registered Users 2 Posts: 498 ✭✭DermoMIO


    Happened to me aswell was shocked.

    Just wondering what would be the worst case scenario that could come from this ?

    as in people having access to full address, dob, full employment & education history etc


  • Registered Users, Registered Users 2 Posts: 11,987 ✭✭✭✭zAbbo


    It sounds like everyone who had a cv up there has possibly had there details stolen...


  • Registered Users, Registered Users 2 Posts: 3,668 ✭✭✭eringobragh


    My GF got this mail also. I'm guessing the hackers got everything and their using 'damage limitation' .....:rolleyes:


  • Advertisement
  • Closed Accounts Posts: 1,302 ✭✭✭sunnyjim


    They got mine too.

    A lot of people who got jobs in the DAA with this crowd also had to fill in details giving bank sort code and account numbers. I hope these weren't in anyway breached... :eek:

    Pissed off though. That's a hell of a lot of information.

    Make sure you all let info@jobs.ie know how you feel. It happened, but it shouldn't have.


  • Closed Accounts Posts: 20 AB25


    Im just glad my email and PPS number is not on my cv. Though its still a bloody disgrace.:mad:


  • Closed Accounts Posts: 20 AB25


    By the way all, its easy to get PPS numbers. if you call revenue and give your personal details and say you've forgotten it, they will tell you eventually. Trust me on this one.


  • Closed Accounts Posts: 508 ✭✭✭SW81


    AB25 wrote: »
    By the way all, its easy to get PPS numbers. if you call revenue and give your personal details and say you've forgotten it, they will tell you eventually. Trust me on this one.

    What can people do with a PPS number?


  • Registered Users, Registered Users 2 Posts: 7,469 ✭✭✭Pythia


    Surely it'll be obvious who stole them when people start getting called.


  • Registered Users, Registered Users 2 Posts: 16,288 ✭✭✭✭ntlbell


    SW81 wrote: »
    What can people do with a PPS number?

    get a tooth filled on the cheap and collect your butter vouchers ;)


  • Registered Users, Registered Users 2 Posts: 1,523 ✭✭✭machalla


    I notice that they have known about the problem since thursday evening but didn't bother to inform anyone of this until close of business friday evening? I'd say this is pretty standard practice to avoid media coverage as its old news by next week.

    I don't think you can sue jobs.ie for anything unless you can prove that a loss has happened due to this and good luck proving that..

    I should have known not to trust a site running on a microsoft web technology..


  • Registered Users, Registered Users 2 Posts: 16,288 ✭✭✭✭ntlbell


    machalla wrote: »

    I should have known not to trust a site running on a microsoft web technology..

    Yea, because it was microsoft's fault. :rolleyes:


  • Registered Users, Registered Users 2 Posts: 1,523 ✭✭✭machalla


    ntlbell wrote: »
    Yea, because it was microsoft's fault. :rolleyes:

    I don't think I blamed MS there actually just that I personally should know better than to trust a site that is based on MS technologies. Of course they don't have to be as insecure if you know what you're doing its just harder to make them secure.

    Perhaps its not unreasonable to apportion some blame to MS based sites when monster.com (asp.net based) and jobs.ie (asp.net based) have both been breached in recent times. Still do feel free to misinterpret away any comments you don't understand.


  • Registered Users, Registered Users 2 Posts: 16,288 ✭✭✭✭ntlbell


    machalla wrote: »
    I don't think I blamed MS there actually just that I personally should know better than to trust a site that is based on MS technologies. Of course they don't have to be as insecure if you know what you're doing its just harder to make them secure.

    Perhaps its not unreasonable to apportion some blame to MS based sites when monster.com (asp.net based) and jobs.ie (asp.net based) have both been breached in recent times. Still do feel free to misinterpret away any comments you don't understand.

    If your net/sys admin and OR dev's are idiots then there's not a whole lot MS can do.

    Have you had any stats on how many breach's were made on sites running apache/PHP ?

    Can you share them with us?

    I'll feel free to inerpret any random nonsensical comments thrown around the way i see fit.


  • Advertisement
Advertisement