Hackers have stolen the personal details of millions of job seekers in one of the biggest cases of data theft in Britain, it emerged.
The recruitment giant Monster said hackers now held confidential information contained on its database, including user names, passwords, telephone numbers, email addresses and "some basic demographic data".
The company said the stolen information did not include CVs, national insurance numbers or personal financial data.
It is thought 4.5 million people are registered with the monster.co.uk website and could be affected by the breach, which, if confirmed, will be the largest data loss since the details of 25 million child benefit recipients went missing in 2007.
In a statement issued on Friday, signed by Monster's senior vice president Patrick Manzo, customers were told to change their passwords when they next log on to the website.
The statement said hackers could use email addresses to "phish" for further information.
The incident is the second serious data breach to hit the company in 18 months, according to Computer Weekly magazine.
The earlier attack was followed by a widespread phishing campaign.
It is also feared that hackers could access users' bank accounts as some people use the same password and email address for online banking.
The statement said the company had launched an investigation and had taken "corrective steps".