BOSTON - HACKERS have broken into the resume library of US online recruitment site Monster.com and stole the personal information of 1.3 million clients.
An executive said on Thursday that the company had waited five days before telling its users about the security breach, the biggest in recent memory.
Monster has now posted letters to affected users in case they are wary of opening mail from the company after the breach, said a company spokesman.
Hackers broke into the password-protected resume library which has a database of nearly 73 million users, using credentials that Monster Worldwide Inc said were stolen from its clients.
They used two servers at a web-hosting company in Ukraine and personal computers which they controlled by infecting them with a malicious software program, said Mr Patrick Manzo, Monster's vice-president of compliance and fraud prevention.
He said the problem came to light on Aug 17 when investigators with Internet security company Symantec told Monster it was under attack.
The rogue servers were located and the web-hosting company was made to shut them down within three to four days, he said.
He said that, based on Monster's review, the information stolen was limited to names, addresses, phone numbers and e-mail addresses, with no other details being uploaded.
On Tuesday, Symantec published a report on its website saying it had found copies of scam e-mail messages that the attack's perpetrators were using to get information from Monster.com users.
These e-mail messages, posing as new arrivals from Monster.com job recruiters, asked the users to provide personal financial data, including bank account numbers.
They also asked users to click on links that could infect their computers with malicious software.
It was not until Wednesday that Monster put a notice on its website (www.monster.com) warning users that they might be the target of e-mail scams.
The company then announced on Thursday that the details of some 1.3 million job seekers had been stolen.
Fewer than 5,000 of those affected are based outside the United States, the company said.
It could not say by press time if Singaporeans were among those affected by the scam.
Monster.com.sg is one of the leading job sites in Singapore. Among its customers are large firms such as Google, Microsoft and Accenture.
