Late last week Monster.com admitted that its database was “illegally accessed” and that its member’s names and passwords were likely stolen. Monster.com the smallest amount of advice it could, “Please change your password”. But they should have included the following in their press release:

Since our organization does not encrypt our members’ passwords, the individual(s) who perpetrated this illegal act now know both your E-mail address AND your password. Please take a few minutes and ask yourself, “Which other websites to which I belong, use both my email address and the same password?”.

Contrary to all the advice, most people still use the same password for multiple websites. Changing your Monster.com password might stop the criminals from getting to your resume, but how much other personal information is now ready for the taking?

PS: What screwed up company doesn’t encrypt their users’ passwords?!?! Amateurs.