Match.com Confirms Malware Attack That Put UK Users At Risk

match.com

Match.com has confirmed it was the victim of a malware attack, recently revealed by security researchers.

Yesterday, security company Malwarebytes told Match.com that users were in danger of being subject to a malware attack if they accessed the UK version of the dating site.

This security failure could potentially put the user’s personal data and information at risk, as well as installing harmful Trojans to their computer.

The Match.com Trojans were based around the site’s advertising, using rogue advertising networks to hook in unsuspecting users and install malicious software to their computers.

And the IAC-owned dating site has admitted to the security breach in a statement, confirming it was related to malware within the advertising published on its site.

The company told GDI: “We take the security of our members very seriously. Earlier today we took the precautionary measure of temporarily suspending advertising on our UK site whilst we investigated a potential malware issue.”

The dating site was quick to say this security issue did not represent a breach of the dating site, or its user data – unlike the devastating Ashley Madison hack of recent months.

In addition to this, the company said they have received no reports that any users have been affected.

A spokesperson said: “Our security experts were able to identify and isolate the affected adverts, this does not represent a breach of our site or our users’ data.

“To date we have not received any reports from our users that they have been affected by these adverts. Nonetheless, we advise all users to protect themselves from this type of cyber-threat by updating their antivirus / anti malware software.”

Match.com said their adverts are provided by third party partners and they worked closely with them to respond quickly to the vulnerability.

When they discovered the breach, Malwarebytes said the issue was based around shortened Google URLs “which the hacking team use to install an Angler exploit kit to plant Bedep ad fraud Trojans through adverts on the site.”

One particular Trojan said to be involved was the CryptoWall ransom, that encrypts a user’s computer data and holds them to ransom, saying they must pay $500 to decrypt the files.

Last week, Plenty of Fish was subject to a very similar type of malvertising attack, which also used shortened Google URLs to direct users to infected ads.

More on this story as it develops.