"In order to help assure the security of your information, you may soon be required to change your password upon logging onto the site."
I wonder how Monster is going to verify that the person logging in and changing the password is actually the user who owned the account and not the thief.
I guess they could hope that the user's email hasn't been compromised and go through an email verification to change the password.
Ouch. It's actually not surprising how many companies store plaintext passwords. It's a dirty little secret.
Crucial details missing: how many (all?) users affected? When did the breach occur and how long did it take them to notice? How did they notice? What is this crap about "continually monitoring" the internet when they can't even secure their own servers?
Wait - I missed that in the original post. Where does it say that they stored unencrypted passwords? Maybe it does and I missed it (it is 4:00AM on a Saturday lol)
We got the company-wide email this morning. More or less the same content as the linked site. There's more to the story but I can't say because I work there.
