Attackers using a Trojan horse stole more than 1.6 million records belonging to users of Monster Worldwide's online job search service, the company acknowledged last week.
The malicious program, called Infostealer.Monstres, utilised the pilfered data to send Monster.com users phishing e-mails that plant malware on their machines, said researchers at Symantec.
The stolen records include the names, email addresses, home addresses, phone numbers and résumé identification numbers of 1.3 million users of Monster's services, said Amado Hidalgo, senior security response manager at Symantec.
The theft was discovered on August. 17, and last Thursday Monster.com disclosed that it found a remote server used by the attackers to store the stolen information.
"Monster has identified and shut down a rogue server that was accessing job seeker contact information through unauthorised use of compromised legitimate employer-client log-in credentials," New York-based Monster Worldwide said in a statement.
"The company is currently analysing the number of job seeker contacts impacted by this action and will be communicating with those affected as appropriate," the statement said.
Hidalgo said that the legitimate log-ins were likely stolen from recruiters and corporate human resources personnel.
For more detail on the Monster.com hack go the "Features section" on this site.