Ashley Madison this, Ashley Madison that. Everywhere you look, security news is about the breach at the infidelity site, almost to the complete exclusion of any other topics.
So it may come as a surprise to learn that the Avid Life Media site is not the only ‘dating’ website to attract the interest of hackers lately.
British bastion of journalism the Daily Star reports how single people (because they’re the only sort who go on dating sites presumably) have been put at risk by a compromise at Plenty of Fish (if you want to hear some funny stories about some people I know and their collective experiences on that site come find me at a conference some time).
The problem with POF, it seems, is that the site has gone nuclear (Malwarebytes, the origin of the story, reports how the Google URL shortener goo.gl is loading the Nuclear exploit kit), installing keyloggers on visitors’ devices.
As you can imagine, that’s not good as it means whoever is behind the attack could view online banking details – which may be of concern if your chosen financial services company does not employ some form of two factor authentication as part of the logging in procedure.
As Jerome Segura of Malwarebytes says,
This type of attack does not require any user interaction. It does not matter if you haven’t browsed a dodgy site.
Typically it will sit on your computer and wait for the user to log onto a banking site. The malware will lay low until you perform something of interest.
Most people are not going to be aware that anything has happened. It is designed to steal people’s usernames and passwords when you log in to a banking site.
As a result, his advice is to look out for strange transactions and to tell your bank to be on the lookout for fraud. My advice would be to change your bank if your username and a static password are all that are required to mess with your online finances.
Beyond that though, why are dating sites in the news anyway?
OK, we know Ashley Madison attracted attention because the Impact Team does not agree with the morals behind extra-marital affairs. But why Plenty of Fish?
I think there are a few of reasons.
Firstly, there is the number of potential victims – POF claims it has more than 100 million members with many logging in multiple times per day – rich pickings indeed.
Then there is the fact that the vast majority are likely to be men (reports suggest 90%-95% of Ashley Madison’s user base is male) desperately seeking Susan, Mary, or whoever else tickles their fancy. Given the dumber sex’s propensity to equate cash spent with success potentially gained, there may be the feeling that many members are likely to actually have some cash in their accounts!
Thirdly, the fact that one dating site got hit and made the news may have been all that was needed to help the POF attackers decide upon which type of site to go after.
And, lastly, perception – maybe dating sites aren’t the new darling of the hackers’ minds but it just seem that way?
In any event, the indisputable truth is that anyone looking for love or any other type of chemical reaction is having a hard time of it right now but probably not in the way they hoped for.
If that sounds like you, or you just want to stay secure online in any event, think antivirus, operating system patches and ad blockers. Also consider web links and how you interact with them and, as I’ve already mentioned, consider the security surrounding your online bank account and whether or not that may need addressing.