Jobs.ie Security Breached.

AB25

I got that email too. Im freaked out. I think that whoever did this knew what they were at.

AB25

If they abuse your info, after stealing it, and you can prove it, then you can sue.

bronte

I am also one of the lucky few who had their c.v. nicked.
Kinda pissed off about it tbh. :mad:

AB25

What im worried about is that it seems to have been done on purpose. I would be freaked out if someone used my details to get a loan, make a passport or try to take any other info. Sorry,not trying to scare anybody!But i am emailing my bank all the same.:)

bronte

My home address, name, personal email and moblie number were on that thing.
If I end up getting cold called I'm gonna give them hell. :mad:
Really don't like this.

SW81

Small few my arse! Loads of people have had their details taken. This is bad form.

Realistically though nothing terribly bad can be done with our details can it?

AB25

I was trying to figure out how this happened. i didnt upload my cv to the site, the only time i applied for a job on that website was to an employer directly, not an agency. I think they hold it anyway.
I asked them to tell me more about how this happened but i doubt i will hear anything.
Has anyone called the phone number??

DermoMIO

Happened to me aswell was shocked.

Just wondering what would be the worst case scenario that could come from this ?

as in people having access to full address, dob, full employment & education history etc

zAbbo

It sounds like everyone who had a cv up there has possibly had there details stolen...

eringobragh

My GF got this mail also. I'm guessing the hackers got everything and their using 'damage limitation' .....:rolleyes:

sunnyjim

They got mine too.

A lot of people who got jobs in the DAA with this crowd also had to fill in details giving bank sort code and account numbers. I hope these weren't in anyway breached... :eek:

Pissed off though. That's a hell of a lot of information.

Make sure you all let info@jobs.ie know how you feel. It happened, but it shouldn't have.

AB25

Im just glad my email and PPS number is not on my cv. Though its still a bloody disgrace.:mad:

AB25

By the way all, its easy to get PPS numbers. if you call revenue and give your personal details and say you've forgotten it, they will tell you eventually. Trust me on this one.

SW81

AB25 wrote: »

By the way all, its easy to get PPS numbers. if you call revenue and give your personal details and say you've forgotten it, they will tell you eventually. Trust me on this one.

What can people do with a PPS number?

Pythia

Surely it'll be obvious who stole them when people start getting called.

ntlbell

SW81 wrote: »

What can people do with a PPS number?

get a tooth filled on the cheap and collect your butter vouchers

machalla

I notice that they have known about the problem since thursday evening but didn't bother to inform anyone of this until close of business friday evening? I'd say this is pretty standard practice to avoid media coverage as its old news by next week.

I don't think you can sue jobs.ie for anything unless you can prove that a loss has happened due to this and good luck proving that..

I should have known not to trust a site running on a microsoft web technology..

ntlbell

machalla wrote: »

I should have known not to trust a site running on a microsoft web technology..

Yea, because it was microsoft's fault. :rolleyes:

machalla

ntlbell wrote: »

Yea, because it was microsoft's fault. :rolleyes:

I don't think I blamed MS there actually just that I personally should know better than to trust a site that is based on MS technologies. Of course they don't have to be as insecure if you know what you're doing its just harder to make them secure.

Perhaps its not unreasonable to apportion some blame to MS based sites when monster.com (asp.net based) and jobs.ie (asp.net based) have both been breached in recent times. Still do feel free to misinterpret away any comments you don't understand.

ntlbell

machalla wrote: »

I don't think I blamed MS there actually just that I personally should know better than to trust a site that is based on MS technologies. Of course they don't have to be as insecure if you know what you're doing its just harder to make them secure.

Perhaps its not unreasonable to apportion some blame to MS based sites when monster.com (asp.net based) and jobs.ie (asp.net based) have both been breached in recent times. Still do feel free to misinterpret away any comments you don't understand.

If your net/sys admin and OR dev's are idiots then there's not a whole lot MS can do.

Have you had any stats on how many breach's were made on sites running apache/PHP ?

Can you share them with us?

I'll feel free to inerpret any random nonsensical comments thrown around the way i see fit.

Newaglish

Question - anybody have a CV on jobs.ie and not get the e-mail?

chris85

got the email this morning, forgot i was even on jobs.ie as havent needed to use it in the last few years

Really bad form on the part of jobs.ie

Clare Bear

chris85 wrote: »

got the email this morning, forgot i was even on jobs.ie as havent needed to use it in the last few years

Really bad form on the part of jobs.ie

Same here.

Standard Toaster

I got the mail too.

a small number of CVs were illegally downloaded.

My arse. And, funny enough, I got a stange call yesterday from someone asking was I still selling me TV? Weird.

I'd say who ever downloaded them, if not caught, will sell the cvs onto another agency for a few €€€

Sherifu

I'd suspect small number = all. Lets see if somebody on jobs.ie didn't get one.

AARRRGH

Well, there's only a couple of scenarios -

1. A hacker got root access to the server. He either downloaded every CV or was in the process of doing so before he got cut off.
2. A hacker gained access to a number of employer accounts. He could then download the CVs from those employer accounts.
3. A hacker gained access to a Jobs.ie admin account. I'm guessing he could access employer accounts or perhaps the CV database that way.

My money is on #1.

Galen

Report it to the guards, that's what I did this morning after I the same email.

board om

dublindude wrote: »

Well, there's only a couple of scenarios -

1. A hacker got root access to the server. He either downloaded every CV or was in the process of doing so before he got cut off.
2. A hacker gained access to a number of employer accounts. He could then download the CVs from those employer accounts.
3. A hacker gained access to a Jobs.ie admin account. I'm guessing he could access employer accounts or perhaps the CV database that way.

My money is on #1.

or 4. an employee left, taking everything with them. in which case they will know who it is.

i would say they would have to send the email to everyone to cover themselves, but that isnt to say all their CV's were taken.

didnt monster get breached a few months back?

AARRRGH

I dunno. To send an e-mail to every jobseeker like this is a bit OTT if it's just an ex-employee being a dick.

Monster.ie did get breached, but it was due to phishing rather than a technical hack.

zAbbo

dublindude wrote: »

Well, there's only a couple of scenarios -

1. A hacker got root access to the server. He either downloaded every CV or was in the process of doing so before he got cut off.
2. A hacker gained access to a number of employer accounts. He could then download the CVs from those employer accounts.
3. A hacker gained access to a Jobs.ie admin account. I'm guessing he could access employer accounts or perhaps the CV database that way.

My money is on #1.

More likely, that they've noticed something dodgy, have no clue what was/wasn't accessed and are covering their asses.