Earlier today Curse was notified by Google that there was a script known to be malicious being served though some of our sites. Upon further inspection Curse has determined the script was being served through ad placements from a 3rd party. These ads were being served as they normally would; however, due to a security breach at the 3rd party, a malicious JS was being served that was put in their passback system.
We have managed to identify the 3rd party, who is well known to be trusted, as the source of the script. They have been contacted about the compromise and have removed the malicious script being served to not only Curse, but possibly everyone with whom they work. They are still investigating the breech.
Please note that no user data or personal information was compromised in any way. This means no credit card information, personal email or home address or any other data was accessed or manipulated by malicious users.
Curse takes security extremely seriously and has removed all 3rd party ad partners until the investigation is complete. We will keep you informed of the outcome of this investigation. In the meantime, we recommend you run a malware scan on your computer. You can run a free scan at http://www.malwarebytes.org/.
We sincerely apologize for this inconvenience and want to stress, again, that no user data was compromised in any way, shape or form. Thank you for your understanding.