The Channel logo

News

By | John Leyden 20th July 2009 15:26

IT jobs site urges password resets after hack attack

Contact details compromised

US-based online IT employment agency Elance is warning users to change their passwords after it fell victim to hackers.

In a notice posted on Friday, Elance warned that contact information (name, email address, telephone number, city location and Elance login information) was exposed after unidentified hackers broke into its database.

The firm reassured customers that more sensitive payment numbers and social security details were not exposed by the attack. These more sensitive details were kept on a separate database, not exposed to the assault.

In an email to customers, forwarded by Reg readers, Elance advises customers to change their login passwords, presumably before unidentified miscreants have had a chance to abuse the information. Elance reset all subscriber passwords and sent the altered login credentials to registered email addresses.

Passwords were not compromised by the attack, so the step is a precaution against brute force attempts to obtain passwords associated with user login IDs, which were exposed.

California-based Elance said it was in the process of improving its security procedures to prevent a repetition of the attack.

"We have remedied the cause of the breach and are working with appropriate authorities," it said. "We have also implemented additional security measures and have strengthened password requirements to protect all of our users."

An FAQ further explains: "We immediately secured the security hole and are now systematically reviewing the entire Elance system with help from industry leading security experts."

Elance said that some of its stolen user information appeared on a site called OutsourcingRoom.com, which it is attempting to get shut down. "Recently Outsourcingroom.com went offline, but they have since reappeared and we will continue our pursuit until they stop," Elance said.

The employment agency apologised in advance over the possibility that portions of its user email database may fall into the hands of spammers as a result of the attack. ®

alert Send corrections

Opinion

Alexandre Mesguich

Change is order of day as tech giants shift strategy gears
Partnership

Frank Jennings

Confused? No problem, we have 5, no 6, no 7... lots of standards

Chris Mellor

VC sequence could end not with a bang, but a whimper
Sad man stares glumly over boxed contents of desk. Image via shutterstock (Baranq)

Features

money trap conceptual illustration
Big boys snare the unwary with too-good-to-be-true deals
Angus Highland cow
Pet carriers not wanted for whitebox stampede
FBcoldstoragearray
Sorry OpenStack and Open Compute, we're not all Facebook
Gary Kovacs, CEO of AVG. Pic: World Economic Forum
Scammy download sites? Government snooping? Run of the mill for Gary Kovacs