U.S. PIRG Consumer Blog

August 22, 2007

monster.com hacked

I just did a local TV interview on the latest breach: Hundreds of thousands of job applicants with resumes at Monster.com had their email addresses stolen for use in a phishing attack (phishing attacks always work better if the "phish" think you are their friend).

Even though the hackers didn't directly obtain non-public personal information, they were able to send the job applicants phishing emails containing legitimizing information and purporting to be from Monster, a website the job seekers trusted. The emails were actually designed to trick the applicants into loading malicious software on their machines. Some news stories report that the bad software included keystroke loggers to obtain passwords and account numbers later; others report that the software propagated Trojan Horse ransom emails, or both. What concerns me most is that a Monster official said that because the hackers used the passwords of legitimate outside users, the "security breach was not due to a bug in his company's systems." Yes, Monster, it was due to a bug in your system. Your system, dear Monster, failed to audit its authorized users adequately, allowing a malicious user to troll through and collect millions of names. What legitimate user would conceivably do that, and why didn't the system catch it? Reminds me of my friends at Mattel blaming the Chinese supplier instead of admitting that it was their fault for failing to check up on him.
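The failure described above is that nobody noticed one authorized account pulling an enormous number of records. As an added illustration (not Monster's code, and the log format is assumed: ISO timestamp, account name, VIEW_RESUME, resume id), the script below flags any account whose distinct resume views in a single one-hour window exceed a limit, which is the kind of audit check that would catch such trolling:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log line format: "<ISO timestamp> <account> VIEW_RESUME <resume id>"
LINE_RE = re.compile(r"^(\S+) (\S+) VIEW_RESUME (\S+)$")

def parse_log(text):
    """Parse the assumed log format into (timestamp, account, resume id) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return events

def flag_bulk_readers(events, window=timedelta(hours=1), max_distinct=50):
    """Return {account: peak distinct resumes seen in any sliding window} for accounts over the limit."""
    by_account = defaultdict(list)
    for ts, account, rid in events:
        by_account[account].append((ts, rid))
    flagged = {}
    for account, views in by_account.items():
        views.sort()
        start = 0
        in_window = defaultdict(int)   # resume id -> number of views inside the current window
        peak = 0
        for ts, rid in views:
            in_window[rid] += 1
            while ts - views[start][0] > window:   # drop views that fell out of the window
                old = views[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > max_distinct:
            flagged[account] = peak
    return flagged

def constructed_log():
    """Constructed sample: one recruiter at a human pace, one account pulling a resume every 2 seconds."""
    base = datetime(2007, 8, 17, 9, 0, 0)
    lines = [f"{(base + timedelta(minutes=7 * i)).isoformat()} recruiter_a VIEW_RESUME r{1000 + i}" for i in range(6)]
    lines += [f"{(base + timedelta(seconds=2 * i)).isoformat()} recruiter_x VIEW_RESUME r{5000 + i}" for i in range(300)]
    return "\n".join(lines)

if __name__ == "__main__":
    print(flag_bulk_readers(parse_log(constructed_log())))   # {'recruiter_x': 300}
```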

Posted by Ed Mierzwinski at August 22, 2007 04:06 PM
