Monster attacked by Monster?

A computer program was used to access the employers' section of the website using stolen log-in credentials. Personal details stored on Monster.com, a website that lists job vacancies, were taken after a raid by hackers who posed as employers to gain access to the site. Having stolen the information, hackers e-mailed the victims claiming to have infected their computers with a virus and threatening to delete files unless demands for payment were met. The details, which included names, surnames, e-mail and home addresses, as well as phone numbers, were then used to send 'phishing' e-mails to members, apparently from Monster.com, encouraging them to download a tool known as 'Monster Job Seeker'. The tool was in fact a malicious 'trojan' program called Infostealer.Monstres, which encrypted the files on the victim's machine, making them inaccessible to the computer owner. A message was left requesting that money be paid to the attackers before the files – which could include photos and other personal documents – would be decrypted. As an initiative for prevention Symantec said users should always limit contact information posted to job websites and to use a disposable e-mail address.
"Never disclose sensitive details such as your social security number, passport or driver's license numbers, bank account information to prospective employers until you have established they are legitimate," said the firm.