In one of the UK's biggest cases of data theft to date, the recruitment site Monster has been hacked, with confidential details of at least 4,5-million people lifted from its database.
This information includes telephone numbers, e-mail addresses, user names and passwords and demographics – and users from around the world could be affected.
Monster is cautioning its users to change their passwords when they log on to the system.
While the breach could put some users at risk, there's no reason for mindless panic, according to some experts.
Gartner research vice-president Jay Heiser comments "There are two issues here: First, just how much damage this caused to the individuals involved; second, what the security ramifications of software as a service (SaaS) and social networking are.
"First, some reports give the impression that everyone who had an account at Monster will suddenly be attacked by bank-account-stealing cyber-criminals, and that is more than a bit of an exaggeration.
"However, it is the case that the criminal community is hoovering up large amounts of personal info and correlating it, functioning as a sort of underground information bureau," he adds.
"The fact that most people do use the same password on multiple sites means that if passwords were stolen from Monster (which could only happen if Monster used a very primitive and ill-conceived design), it is possible for that password information from Monster to be made available to attackers, along with information from other sources, in support of attacks against bank accounts. The information at Monster alone is not sufficient to attack bank accounts.
"The bottom line is that active internet users should have unique passwords for all sensitive sites," Heiser warns. "The unfortunate fact is that you need a unique password for every critical site, so you need to manage these valuable passwords, which probably means keeping them in an encrypted application.
"Second, you should never assume that a SaaS offering is 'safe', be it a fun social networking site or a serious business site, unless you are given evidence that it is safe.
"For consumers, you have no way of knowing how safe a site is, so don¹t put anything on it that would harm you if it were stolen (such as the same password you use for your bank).
"This should also serve as an example for businesses about putting their fate into the hands of other people," he adds. "Externally-provisioned products are becoming increasingly popular for business, too, and for good reason. If what you need to do involves information that you can¹t afford to lose, or you don¹t want stolen, then you need to be given evidence by the service provider that they are taking security into account.
"For both consumers and business, making a decision about the relative safety of an online-service is a very, very difficult thing to do."