Jamie Oliver website hacked, leaving millions of visitors exposed to malicious software

Group hijacked the popular food and recipes site to take over users’ computers

Jamie Oliver’s website was hacked to install malicious software on visitors’ computers.

The recipe site, which receives millions of visitors per month and is one of the most popular sites in the UK, was broken into and had malware installed into it.

When malware is installed on a users’ computer, it can be used to install further bad software — putting user information and privacy at risk.

It’s unclear how the site was compromised. But typically hackers are able to get in by stealing logins or using vulnerably plugins that have been installed on the site.

While the site was hacked, visitors were lured into using a site that was built into the actual Jamie Oliver site and appeared to be it. But clicking through attacked users’ computers through bugs in Flash, Java and Microsoft’s Silverlight — plugins that are used to allow websites to display more complicated code.

Such hacks usually buy adverts on sites, and then use them to execute malicious code on users. But the hackers in this case took over the actual site and injected the code into it, according to security firm Malwarebytes.

After finding the problem, Malwarebytes contacted the administrators of the site and it has since been removed. But it is unclear how many computers the code may have infected before it was taken off the site.

In a statement, a spokesperson for the Jamie Oliver group told The Independent: "The team at jamieoliver.com found a low level malware problem and dealt with it quickly.  The site is now safe to use.

"We have had only a handful of comments from users over the last couple of days, and no-one has reported any serious issues.  We apologise to anyone who was at all worried after going on the site."

"The Jamie Oliver website is regularly checked for vulnerabilities by both our in-house team and an independent third party and they quickly deal with anything that is found.  The team is confident that no data has been compromised in this incident but if anyone is worried, do please use the contact form on the site."

Comments