Why Doesn’t This Scare You?

Posted: March 20, 2009 in Uncategorized

I have been on twitter a couple times today. And I ran across this…

 

January 23, 2009

As is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database. We recently learned our database was illegally accessed and certain contact and account data were taken, including Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. Monster does not generally collect – and the accessed information does not include – sensitive data such as social security numbers or personal financial data. Neither resume nor customer transactional data were compromised.

Immediately upon learning about this, Monster initiated an investigation and took corrective steps. It is important to know the company continually monitors for any illicit use of information in our database, and so far, we have not detected the misuse of this information.

In order to help assure the security of the database, you may soon be required to change your password upon logging in or upon notification by one of Monster’s customer service representatives. We would also recommend you proactively change your password yourself as an added precaution. We regret any inconvenience this may cause you, but feel it is important that you take these preventative measures.“…. (here is the full story)

I am not by any means suggesting that we toss Monster under the bus. They are a big company and that is going make them that much more vulnerable to hackers. So do you ask yourself, are we as big as Monster? Do we need to worry? Well the answer to the question is pretty straight forward…

Yes be scared, be paranoid, freak out. Not just because Monster was hacked and your info is there but think of it that way. I know that my first thought was is my information ok, heck they have my name… So if you look at your databases and your security maybe it’s time that as a DBA we should be required to put our personal information in there. Ouch, is that a sore spot? Should we as DBA’s be willing to public make this statement:

“I am confident in our security that I will put my personal information in the database”

Now the next time I see that on a resume, my eyes will light up. I think I have found a good litmus test, are you willing to do this? Well there is the rambling for the day.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s