US job website Monster.com has fallen victim to an online attack, resulting in the details of thousands of users being stolen.

According to a BBC report, Monster.com was unaware of the security breach until it was informed by security vendor Symantec.

The anti-virus giant claims that a Trojan was used to access the employers’ section of the website using stolen log-in details. As a consequence, the perpetrators were able to garner information such as user names and e-mail addresses as well as personal details such as home addresses and phone numbers.

According to Symantec these details were then uploaded to a remote web server containing more than 1.6 million entries relating to several hundred thousand candidates.

Symantec says that it has seen reports of phishing emails sent to Monster.com customers that encourage users to download a bogus Monster Job Seeker tool, which then encrypts files on their computer and leaves a ransom note in its wake, demanding money in return for the decryption of the files.

Patrick Manzo, vice president of compliance and fraud prevention at Monster.com stresses that Monster.com’s own security has not been compromised, but rather legitimate customer details have been used to log in to the site’s database in order to access the information.

“We are not aware of any cases of identity theft. In fact, the information that is gathered from Monster is not different than that displayed in a phone book,” said Manzo.