Match.Com Users Hit By Malvertising Attack

Another leading dating site has revealed it has been hit by a major data breach which could be revealing the personal details of its users., one of the world’s leading dating sites, was hit by a malvertising attack that, when installed, could steal personal information, send spam emails and operate silently without their consent.

The site has around 27.3 million users worldwide every month, around 7 percent of which come from the UK, TechWorld reported.

Love hurts

According to security firm Malwarebytes, the attack was carried out by the same group that hit fellow dating site PlentyOfFish last month, which is also owned by the Match Group,’s parent company.

The attack was carried out by criminals using Google shortened URLs leading to the Angler exploit kit, which when clicked on, installs malware onto a user’s system. Angler is already known to serve several particularly nasty forms of malware, including the Bedep ad fraud Trojan as well as CryptoWall ransomware.

Malwarebytes says it has alerted and the related advertisers but the malvertising campaign is still ongoing via other routes.

“We take the security of our members very seriously indeed,” a spokesperson said. “We are currently investigating this alleged issue.”

Last month, Malwarebytes found the advertising network used on PlentyOfFish was serving up fake ads that install malware on systems with out of date software like Internet Explorer or Adobe Flash.

Once clicked, an exploit kit searches for vulnerabilities and drops the malicious software onto the machine, with some of the ads even automatically installing malware if a PC that can be infected is detected.

“Malvertising is becoming a go-to method for fraudsters,” said David Kennerley, senior manager for Threat Research at cybersecurity firm Webroot. “Money is the primary motivation for attacks of this nature and often these malicious ads are for additional attacks.”

“Unfortunately simply keeping to trusted websites no longer means you’ll stay safe. The chaotic nature of the online advertising industry means that even popular legitimate websites have no visibility on the ad content displayed on their pages or its original source.”

“Users should keep their browsers fully patched, with appropriate in-built phishing and malware protection switched on. Browser add-ons should be kept up-to-date, with auto-play turned off or better yet, disable or remove these commonly exploited add-ons completely. Ad-blocking software is becoming a must and of course a strong endpoint protection product is essential.”

UPDATE: A spokesperson for UK told TechWeekEurope:

“We take the security of our members very seriously. Earlier today we took the precautionary measure of temporarily suspending advertising on our UK site whilst we investigated a potential malware issue. Our security experts were able to identify and isolate the affected adverts, this does not represent a breach of our site or our users’ data.

“To date we have not received any reports from our users that they have been affected by these adverts. Nonetheless, we advise all users to protect themselves from this type of cyber-threat by updating their antivirus / anti malware software.”

What do you know about 2015’s biggest data breaches? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Apple Security Flaw Being Actively Exploited

Update now. Vulnerability impacts a number of Apple iPhone, iPad and Mac models, and the…

4 hours ago

Yale University Names Firms Still Operating In Russia

Data from Yale University shows a number of big name tech companies continue to trade…

5 hours ago

Police Arrest Four Over BT Cable Theft In North Yorkshire

Police make arrests after Openreach confirms to Silicon UK that a cable theft left 200…

23 hours ago

UK Staff Resisting ‘Big Return’ To The Office, Says infinitSpace

Remote working to stay? Majority of business leaders are struggling to get staff to return…

23 hours ago

Apple Axes 100 Recruiters, Amid Hiring Slowdown – Report

Hiring slowdown at Apple? Tech giant reportedly lets go 100 contract-based recruiters in the past…

1 day ago