Job site Monster.com has confirmed 1.3 million users had personal information stolen by hackers, significantly more than the hundreds of thousands reported by security firm Symantec Corp. last week.
Monster.comsaid hackers used servers in Ukraine to steal login details from employers registered with the site. They then used those details to glean personal information — including names, addresses and phone numbers — from users who had logged resumes with the site.
The hackers, posing as potential employers,then sent e-mails to those usersandtried to trick them into downloading malicious software that would hijack their computer until a ransom was paid. Some e-mails also contained scam job offers or requested financial information.
"The purpose of gathering this information appears to be sending e-mail disguised as Monster in order to gain recipients' trust, and then attempting to convince users to engage in financial transactions or lure them into downloading malicious software," said a message on the site. "Regrettably, opportunistic criminals are increasingly using the internet for illegitimate purposes. This problem spans the web, particularly websites that receive heavy traffic and serve a variety of users across the globe."
The website said it first learned of the hack from Symanteclast Friday, and had the Ukrainian servers shut down by Tuesday. The thieves did not get any financial information in the hack and fewer than 5,000 people outside the United States were affected, it said.
Symanteclast weekreported it had discovered 1.3 million entries had been stolen but that those belonged to several hundreds of thousands of users.
Monster vice-president Patrick Manzo told the Los Angeles Times that the Federal Bureau of Investigation and the U.S. Secret Service were investigating the case.
Monster has more than 70 million resumes on file.