Rigzone Site Hacked – 700,000 Candidates Accounts Stolen Through Site Backdoor
Former website owner charged as Rigzone loses 700,000 peoples data
The founder of an oil and gas networking website was arrested on March 30th on charges that he hacked and stole information from a rival site he had created and sold to DHI Group Inc., U.S. authorities said.
David Kent, 40, was accused in a criminal complaint filed in Manhattan federal court of stealing resume information from more than 700,000 customer accounts for Rigzone.com, which he had sold for $51 million in 2010, to boost the membership of his new site, Oilpro.com.
The complaint said Kent then tried to sell Oilpro.com to DHI, a provider of specialised career websites, by misrepresenting that the new website increased its membership through standard marketing methods.
The FBI arrested Kent in Spring, Texas, on the morning of March 30 on charges of conspiracy and wire fraud, agency spokeswoman Kelly Langmesser said.
The complaint did not identify Rigzone by name, but DHI Group Chief Executive Michael Durney said in a statement that his company was “in complete cooperation with law enforcement officials on this investigation.”
Between October 2013 and February 2016, Kent allegedly conspired to access information belonging to Rigzone without authorisation and attempted to defraud New York-based DHI.
Kent allegedly accessed Rigzone’s member database without authorisation and stole customer information, including information from over 700,000 customer accounts.
“Kent then exploited this information by inviting [the website’s] members to join Oilpro,” the FBI said.
A Rigzone member reported being receiving ‘an email solicitation’ from OilPro in early 2014, despite never previously having provided the company with information. This is believed to be when suspicions of illegal access to private information were first aroused.
It has since been estimated that more than 111,000 OilPro accounts were the result of the hack on Rigzone.
Information from 96,000 resumes was illegally accessed in the first round of hacks, when traffic to OilPro increased ‘dramatically’. A second wave consisted of over 750,000 suspicious http requests.
Kent appeared in court in Houston on Wednesday, and was released on a $250,000 bond. He has been ordered not to contact any potential witnesses, including OilPro employees. The investigation is ongoing.
A lawyer for Kent did not respond to requests for comment.
Rigzone was launched by Kent in 2000 and allows members to create profiles and upload resumes. When the website was sold to New York-based DHI in 2010, its member database was worth $6 million, the complaint said.
In 2013, Kent started Oilpro.com, which provides networking services to professionals working in the oil and gas industry. By January 2016, the Houston-based company had grown to 500,000 members, according to the complaint.
From the start, Kent aimed to build a website that DHI would be interested in acquiring, the complaint said.
But in a statement, Manhattan U.S. Attorney Preet Bharara said Kent had hacked a database belonging to DHI and then “tried to use the proprietary information to defraud that same company.”
The complaint said Rigzone’s database was hacked twice in 2014 and 2015, resulting in members being solicited to join Oilpro.com. Dice bought Oilcareers.com and added it to the Rigzone brand in March 2014. It is thought that members of Oilcareers data may also have been stolen.
Prosecutors said one of Kent’s employees at Oilpro.com who previously worked for Rigzone also accessed information on that website’s Google Analytics account without authorisation and forwarded the information to Kent.
The case is U.S. v. Kent, U.S. District Court, Southern District of New York, No. 16-mj-1906.
Oilpro has gone offline.
