Hundreds of thousands of job seekers' personal data is in the hands of crackers after the servers of Monster.com were hacked.
Symantec said the hackers wrote code to access the employers' section of the website using stolen log-in credentials.
The log-ins harvested user names, e-mail addresses, home addresses and phone numbers and sent them to a remote server.
Symantec said when it looked at the remote server it had more than 1.6 million entries with personal information belonging to several hundred thousands of candidates, mainly based in the US.
Symantec said it had since seen reports of phishing e-mails sent out to Monster.com users which were "very realistic" and contained "personal information of the victims".
The phishing e-mail encouraged users to download a Monster Job Seeker Tool, which was in fact a program that encrypted files in their computer and left a ransom note demanding money for their decryption.