Internet security firm Symantec is reporting that over 1.6 million resumes and personal information for several hundred thousand people had been stolen by hackers. (http://www.digitalhome.ca/content/view/1959/206/)

The way I heard it on the news last night was more of a phishing scheme where people were getting emails asking them to create/re-create/update their Monster information and when you clicked the link, it took you to a fake Monster site and then also installed some malicious code of some sort.

Which version of the story is correct? Was the data actually stolen from Monster's site?

Data was retrieved and sent to a remote server. Symantec discovered the server and reported it. Monster then had that server taken down.

The trojan used valid recruiter logins to get into the monster servers, search for information and then sent the results of those searches to the remote server.