If you have a Monster.com account, then delete it. They just suffered a major break-in that has cost them all of the information about their user accounts, including their passwords. The people who stole this information were able to get clear text passwords, which is completely unacceptable. I not only canceled my account with them, but left them the following note explaining why:
There is no good reason why our passwords were able to be stolen. Even as a fresh college graduate a few years ago, I understood the basics of securing this information through common hashing algorithms and other basic infosec measures. The fact that such simple, common sense measures were not taken by your engineering staff leaves me without one iota of confidence in Monster or its services.
They should have passed the passwords through a strong hashing algorithm and stored the value from that in the database instead of the regular password. This is a common way of securing such information. When the user logs in, you pass the value they submit as their password into the hashing algorithm and see if it matches what is in the database.
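The store-the-hash, re-hash-at-login flow described above, as an added Python example that is not part of the original post or any Monster code. It goes beyond the post by adding a per-account salt and a deliberately slow hash (PBKDF2-HMAC-SHA256); the iteration count and the record format are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example; raise ITERATIONS as hardware gets faster.
ITERATIONS = 600_000
SALT_LEN = 16


def hash_password(password: str) -> str:
    """Return the record to store in the database instead of the password."""
    salt = os.urandom(SALT_LEN)  # unique per account, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS)
    # Keep the parameters next to the hash so old records stay verifiable.
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the submitted password and compare it with the stored value."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        salt, int(iterations), len(expected))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample data: a dict standing in for the accounts table.
    accounts = {"alice": hash_password("correct horse battery staple")}
    print(accounts["alice"])  # what someone who copies the table would see
    print(verify_password("correct horse battery staple", accounts["alice"]))
    print(verify_password("wrong guess", accounts["alice"]))
```

A copied accounts table then contains only salts and digests, so each password has to be guessed one account at a time rather than read directly.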
I did not hear about this at all. I hope they sent a notice to everyone who had an account. Did you get a response back?