The Irish job website RecruitIreland.com was hacked earlier this week, resulting in breached systems and the theft of the credentials of 400,000 users.
According to media reports, the website was temporarily taken offline after the breach was discovered on the 8th February. A statement on the website said that as per its security guidelines and structures, it has a process in place for eventualities such as this.
It said: “The present indicators are that our database was breached to get email addresses and names for spamming. We shut down access to the site and database at 2pm and immediately informed the Data Protection Commissioner and the Gardai. We take this incident and any attempted breach of our database extremely seriously and this is being investigated internally by our own people.
“From our investigations to date no other data, including CVs, usernames or passwords have been compromised. However if you wish you may change your username and password when we are back up and running. We apologise for any inconvenience this may cause and assure you we have a professional team working to get this resolved.”
The website also said that some users had received spam emails claiming to offer a job. Graham Cluley, senior technology consultant at Sophos, said: “Clearly it is a ghastly situation for the RecruitIreland website and its users have been left exposed by the security breach.
“Questions will no doubt be asked as to why the sensitive information was not held securely (was encryption being used?) and how it was possible for hackers to steal such valuable data.
“It isn't much consolation to the Irish workers who have had their details exposed in this hack, but this is not the first time that cyber criminals have targeted recruitment websites.”