Match.Com Users Hit By Malvertising Attack

Another leading dating site has revealed it has been hit by a major data breach which could be exposing the personal details of its users.

Match.com, one of the world’s leading dating sites, was hit by a malvertising attack serving malware that, once installed, could steal personal information, send spam emails and operate silently without the user’s consent.

The site has around 27.3 million users worldwide every month, around 7 percent of whom come from the UK, TechWorld reported.

Love hurts

According to security firm Malwarebytes, the attack was carried out by the same group that hit fellow dating site PlentyOfFish last month, which is also owned by the Match Group, Match.com’s parent company.

The criminals behind the attack used Google shortened URLs that, when clicked, lead to the Angler exploit kit, which installs malware onto a user’s system. Angler is already known to serve several particularly nasty forms of malware, including the Bedep ad fraud Trojan as well as CryptoWall ransomware.

Malwarebytes says it has alerted Match.com and the related advertisers but the malvertising campaign is still ongoing via other routes.

“We take the security of our members very seriously indeed,” a Match.com spokesperson said. “We are currently investigating this alleged issue.”

Last month, Malwarebytes found the advertising network used on PlentyOfFish was serving up fake ads that install malware on systems with out-of-date software such as Internet Explorer or Adobe Flash.

Once an ad is clicked, an exploit kit searches for vulnerabilities and drops the malicious software onto the machine. Some of the ads even install malware automatically if a PC that can be infected is detected.

“Malvertising is becoming a go-to method for fraudsters,” said David Kennerley, senior manager for Threat Research at cybersecurity firm Webroot. “Money is the primary motivation for attacks of this nature and often these malicious ads are for additional attacks.”

“Unfortunately simply keeping to trusted websites no longer means you’ll stay safe. The chaotic nature of the online advertising industry means that even popular legitimate websites have no visibility on the ad content displayed on their pages or its original source.”

“Users should keep their browsers fully patched, with appropriate in-built phishing and malware protection switched on. Browser add-ons should be kept up-to-date, with auto-play turned off or better yet, disable or remove these commonly exploited add-ons completely. Ad-blocking software is becoming a must and of course a strong endpoint protection product is essential.”

UPDATE: A spokesperson for match.com UK told TechWeekEurope:

“We take the security of our members very seriously. Earlier today we took the precautionary measure of temporarily suspending advertising on our UK site whilst we investigated a potential malware issue. Our security experts were able to identify and isolate the affected adverts, this does not represent a breach of our site or our users’ data.

“To date we have not received any reports from our users that they have been affected by these adverts. Nonetheless, we advise all users to protect themselves from this type of cyber-threat by updating their antivirus / anti malware software.”

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.