UPDATED: 04/09/2015 at 10.15
Match.com has been the target of a malware breach, according to top security researchers.
Security company Malwarebytes told Match.com on Wednesday night that people are in danger of being subject to a malware attack if they access the UK version of the dating site.
This could potentially put an internet user’s personal data and information at risk, and install harmful software onto their computer that can perform a variety of malicious attacks.
When we reached out to Match.com, a spokesperson confirmed the attack, saying: “We take the security of our members very seriously. Earlier today we took the precautionary measure of temporarily suspending advertising on our UK site whilst we investigated a potential malware issue.”
The dating site was quick to say this security issue did not represent a breach of the dating site, or its user data – unlike the devastating Ashley Madison hack of recent months.
In addition to this, the company said they have received no reports that any users have been affected.
A spokesperson said: “Our security experts were able to identify and isolate the affected adverts, this does not represent a breach of our site or our users’ data.
“To date we have not received any reports from our users that they have been affected by these adverts. Nonetheless, we advise all users to protect themselves from this type of cyber-threat by updating their antivirus / anti malware software.”
Match.com said their adverts are provided by third party partners and they worked closely with them to respond quickly to the vulnerability.
Malware works to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user.
Describing the hostile software, security giants Norton said: “Destructive malware will utilize popular communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from web sites, and virus-infected files downloaded from peer-to-peer connections. Malware will also seek to exploit existing vulnerabilities on systems making their entry quiet and easy.”
Speaking exclusively to TechWorld, Malwarebytes said the breach is based around shortened Google URLs “which the hacking team use to install an Angler exploit kit to plant Bedep ad fraud Trojans through adverts on the site.”
After this happens, the Trojan will make a huge number of requests to “rogue advertising networks”, attach itself to a host, and then redirect them to another exploit kit that infects the system with malware again.
One particular Trojan said to be involved is the CryptoWall ransom, that encrypts a user’s computer data and holds them to ransom, saying they must pay $500 to decrypt the files.
And the security company said that users with old browsers can be infected without even clicking on the bad adverts.
Last week, it was reported that Plenty of Fish was subject to a very similar type of advertising-based malware infection, also reported by Malwarebytes.
Malwarebytes said they have alerted both Match.com and the advertisers to the issue.
More on the story as it develops.