Popular dating website Match.com has been the target of malware campaign. Specifically a ransomware campaign utilising the obfuscating nature of shortened URLs.
There have been a spate of dating website attacks in the past few months. The Ashley Madison saga rumbles on and is unlikely to have concluded anytime soon and then Plenty of Fish became the target of a malvertising campaign.
Next on the list is Match.com who’s users have become the targets for a series of potential attacks, including the Angler exploit kit, Bedep and CrytoWall.
What should you do?
“The first thing you need to do is ensure their internet security products, applications and operating systems are fully patched and up to date, as an average user it’s your best protection,” implores Mark James, ESET IT security specialist.
“Next, go change your passwords NOW, not after dinner or tomorrow, any passwords used on this site that happen to coincide with any passwords used on other sites should be changed immediately.
“Be on the lookout for emails or other means of communication that could come your way using data stolen as a result of this attack, and from now on make sure that every password you use is unique if it’s not already the case.”
If you are the victim of ransomware you have to remember that paying the criminals responsible is the worst thing you can do. Not only does it support criminal activity, both digital and real-world, there is no guarantee you will get your files back: they could just run off with your cash.
The best thing you can do is restore those files from a backup, which you have hopefully been keeping up-to-date, after you’ve performed an AV scan on the effected system.
How will the data be used?
“This data can and will be used for targeted phishing attacks, anything that can be used to "up" the trust level of any correspondence from them to you with a view of obtaining more data including credit card details will be top of their list.
“If they can fool you into thinking they are legitimately from your financial company then getting those details will be whole lot easier, they could also directly use any information they manage to obtain to log into other sites that may include credit card related websites.”
How should Match.com handle this situation?
“It’s very important they manage their advertising networks correctly, with the increasing attention being directed to adverts and malware making sure we the users are protected from this avenue of attack is ultra-important these days.
“They need to keep their users up to date on what measures they are taking to protect our data and will need to offer some kind of credit protection for anyone involved in this breach.
The crims in this case have also been making use of the obfuscation inherent in shortened URLs.
“Shortened URL's are a problem for everyone these days, we always talk about checking any links your about to press to ensure you’re not going to end up somewhere you should not is easier of you can read the whole link.
“When they are shortened or abbreviated it’s a whole new problem for users, always where possible check the destination of any links before you commit to them.
Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.
Have you been affected by any of the reason dating website breaches?