Last week I reported on rumors that users of Monster.com's job search web site might have had their personal information stolen by a gang of hackers that had managed to infect the Monster site with malicious code.

Now the media is reporting that not only are the rumors true, but instead of affecting a few thousand victims as many as 1.6 million records might have been compromised, affecting hundreds of thousands of users.

The scheme apparently used infected ads and banners on the Monster.com web sites to steal personal information that was then used to send phishing emails to Monster users. These emails in turn installed an information-stealing Trojan on the user's computer in an attempt to steal bank login and password information.

Not surprisingly, there's no mention of the issue on Monster's home page. Under a very obscure link called Security Center, there is a vague reference to a "fraudulent email" that may be in circulation, and simply advises that if you responded to such an email you should contact law enforcement. So that maybe they could clean up Monster's mess? Nice one!