To me, posting personal details on a site like monster.com is just a bad idea; surely it's better to send of a CV (resume) in response to a specific role?

Evidently you are not familiar with how these sites operate. One posts a CV/résumé which is searchable by employers, and in addition one may send information to an employer. If no "active" resume exists for you, then the system bumps you off after a short time, like a month. The scammers got an employer account on the system, and then proceeded to download every bit of info they could. Of course the contact info is a required part of the personal information posted on the site.

I never post personal details to Monster; it's way too generic of a site for me. On the other hand, at least in my geography if you want a good tech contracting job, posting your resume (CV) complete with email and phone # on Dice is the way to go. As an example, my wife did a job search 6 months ago, and found 3 positions in which she was interested. After posting her resume to Dice, she received an avalanche of calls, resulting in a dozen or so interesting positions in the first week. Your market conditions can have a serious impact on what you need to do to get good opportunities.

I do recommend getting a disposable phone # and email address first, though.

This has been going on for a while and the line between what this Trojans are doing and what some "agencies" are doing is actually quite blurred.

In the past, I have noticed a number of cases of obviously fraudulent job adverts on UK job boards as well as a number of cases where companies engaged in various fraud have gotten their hands on large portions of the database. This is besides a number of "reputable" agencies selling their applicant details to scammers and anyone willing to pay. In fact, if an agency insists on having your mobile this is the most likely reason for doing so. Add to that the fact that the majority of agencies do not give a damn about the data protection act and keep information on you forever and the picture is nearly complete. It is an industry that is in dire need of some serious legislative stick.

According to my not very scientific observations, it takes on average 24h between posting a new mobile number onto a UK job board (or some of the "reputable" agencies) and starting to receive porn spam on it. Add 24 more hours for scam calls. Same for email addresses and email spams and scams.

Over the last couple of years I had to dispose of three mobile phone numbers, nearly ten email addresses and put a VOIP PBX in the house which filters out all calls coming from "well known" caller IDs or not having caller id at all. This just about keeps the lid on the situation most of the time.

For me it was

"find your perfect job online"

I thought it was funny ...

Monster should have acted immediately this became known, and quarantined all their systems. They should then have modified their login mechanisms to thwart an automated attack (type .gif image text) and required bona fide users to change their passwords.

Users with compromised logins should have been notified and required to AV scan their systems.

I run an anti money transfer fraud website (http://www.bobbear.net/) & from feedback I've received it's been evident for a while that users of sites such as CareerBuilder.com, Dice.com & Monster Jobs are targeted by these types of fraudster.

If somebody can get a credit card with the information in my resume, than the people giving out the credit need to fix their procedures. I'm not going to waste my time trying to keep my whole life a secret because they can't set up a better verification system...

I wonder how long before we're reading about a trojan that gathers personal information from Facebook pages...

I just give sites like Monster fake contact details in case they are stolen and anyway they never offer me any jobs!

Quote from the 'In the spotlight' section on Monster.com

"Keep your personal information safe online

Become online fraud-savvy. Read our tips on avoiding Internet scams."

I always send my CV by post directly to advertised vacancies in the local press. Some folk put their CV on webspace which I think is just plain stupid, as anyone can see all your personal stuff. I'm still wary of sending my CV by email or via a website (using a perl script) as security cannot be guaranteed.

I don't want to worry anyone, but this is a serious breah of security. I am only writing this to warn people about the dangers of passing on details to a 3rd party.

If you can send me any details NOT contained within the stolen information which includes birth dates, schools, residences, family names please do so . We can reset your record with Credit/Debit card details ONLY in your name. This is an urgent email please respond.

I had one sounding like that ("Transfer Manager") get through the filters but it just looked like any other money laundering phish. I think I reported it and binned it. I have never subscribed to Monster.com btw.