Plenty of Fish = Plenty of Malware


Following the Ashley Madison hack and the subsequent release of data, another dating website, Plenty of Fish, has fallen foul of cyber crims.


Users who’ve visited Plenty of Fish in the last week or so are urged to keep an eye on their finances after the site was hit by a malvertising attack.

Mark James, ESET IT security specialist, answers some questions relating to the breach.


Flavour of the month


Online dating seems to be getting more and more popular, with every niche and preference catered for online (including gluten-free dating, Google it).

With this popularity comes a great deal of unwanted attention: malvertisers will no doubt be looking to target high-traffic websites, and online dating sites have this traffic.

“After the massive media attention that Ashley Madison has attracted it stands to reason that similar infiltrations will also attract the same sort of short term awareness.

“Along with the actual information retrieved from the site there comes a level of public interest in similar attacks; it’s like buying a certain make of car and then always seeing that car as you drive around.

“There’s probably no increase in these particular industry-specific targets, only our awareness of current projects.”


What happened?


Malvertising has been around for a while now and is often quite successful in its attack campaign because of the lack of interaction needed by the individual infected.

“It’s not reliant on unpatched servers or vulnerabilities nor the reputation of the affected site; it could be a high-profile or an under-the-radar website, and has the ability to spread through thousands of users before being found and stopped.”


What should users do?


“You could install and use an ad-blocking program to stop the adverts from being displayed in the first place BUT remember many websites use adverts to fund their hard work so you could be stopping these legit businesses from making money and thus providing you with a free website.

“Ensure your operating systems and applications are all updated and patched and make sure you check your financial accounts regularly.

“Look out for any transactions you’re not sure of, however small they may seem, and if possible change any financial banking login passwords immediately. Changing a password takes minutes; having to deal with recovering money from a hacked account can take months to get it all resolved and sorted. It’s a no-brainer!”


What should Plenty of Fish do?


“They need to ensure they are using a good ad server to manage their online advertising, vet the company and the provider to ensure it has a good reputation.

“Keeping the public informed of exactly what has and what is happening will help and offer some kind of credit monitoring service to anyone directly affected by the compromise, check their entire systems for any type of breach and continue to monitor it on a regular basis.”


Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.


Have you been affected by this breach or others like it?