
Monster.com took five days to reveal hack

The Monster.com hack was a large-scale exercise in social engineering.

Monster.com, the US jobs website that on Monday admitted falling victim to a major hack in which private information relating to some 1.3 million users was stolen, waited five days before warning job-seekers of the security breach, it has emerged.

According to a Reuters report, the hackers launched the attack from two servers hosted by a company based in the Ukraine, using a small botnet infected with the Trojan Infostealer.Monstres. Patrick Manzo, vice president of compliance and fraud prevention for Monster.com, told Reuters news agency that the company first learnt of the problem on August 17, having been informed by security specialist Symantec.

Manzo’s security team spent nearly four days investigating the incident, and was able to get the offending servers shut down sometime between August 20 and early August 21, said Reuters.

According to Monster.com the stolen details were limited to names, addresses, phone numbers and emails – information that could be found in the phonebook, claimed Manzo. But the aim of the hack was to glean enough personal information so that the hackers would be able to send job-seekers highly convincing phishing emails requesting financial information.

To this extent the hack, which many security specialists are hailing as the largest internet hack recorded so far, was a large-scale exercise in social engineering.

As such it reflects the growing sophistication of phishing scams, which are becoming increasingly targeted towards victims whose personal details can be harvested from a range of online sources.

By Pete Swabey, pswabey@information-age.com