Hackers have stolen millions of job seekers' personal details from Monster.co.uk and USAJobs.gov. Both the sites have recently published security alerts confirming a serious database breach.
In what has already been described as one of the most serious cases of data theft ever, 4.5 million UK users (according to The Times), not to mention the millions of users of USA Jobs – the official job site for the US Federal Government – may find their private details are no longer very private.
Part of Monster's alert states: "We recently learned our database was illegally accessed and certain contact and account data were taken, including Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data.
"The information accessed does not include resumes. Monster does not generally collect – and the accessed information does not include - sensitive data such as social security numbers or personal financial data.
"Immediately upon learning about this, Monster initiated an investigation and took corrective steps. It is important to know the company continually monitors for any illicit use of information in our database, and so far, we have not detected the misuse of this information.
"In order to help assure the security of your information, you may soon be required to change your password upon logging onto the site. Please follow the instructions on the site.
"We would also recommend you proactively change your password yourself as an added precaution. We regret any inconvenience this may cause you, but feel it is important that you take these preventative measures."
For anyone worried by this news, the first thing you should do is change your Monster.co.uk password and then change passwords for the other site that you happen to use that password for (webmail/banking etc).
And, if you hadn't already come to this conclusion, it really would be better to use different passwords for different sites.
Finally, Graham Cluley reminded TechRadar that the last time Monster was linked with a security breach it was over people sending out phishing emails. So triple check anything that purports to come from Monster (or anywhere else for that matter) and contains information that could have come from the breached database.