The BBC reports that Symantec has advised them that a Trojan used stolen log-in credential to access the employers’ section of Monster.com in order to harvest user information of job candidates, including user names, e-mail addresses, home addresses and telephone numbers, which were stored on a remote web server.

Symantec estimates that account information from several hundred thousand Monster job applicants was stolen, containing over 1.6 million data items from primarily US-based job candidates who had posted their resumes on Monster. It’s expected that the harvested information will be used for spam and phishing purposes. Symantec reported having already seen reports of phishing e-mails sent out to Monster.com users which encouraged users to download a Monster Job Seeker Tool, which was in fact a program that encrypted files in their computer and left a ransom note demanding money for their decryption.

Monster’s response was that the information that was harvested amounted to little more than information that might be published in a phone book (plus an email address).

Related: What Exactly is Phishing?