Jamie Oliver doesn’t care that he gave you malware

Well, here’s news that will surprise absolutely no-one.

Chirpy cockney chef Jamie Oliver has been found spreading malware yet again after his website suffered yet another compromise.


According to researchers at Malwarebytes, the popular site was serving up a password-stealing payload alongside its pasta pesto.


That would be bad news in itself, but the fact is that Jamie Oliver’s website was also found to have been compromised with malware in March and between December last year and February.

In short, the team responsible for Jamie Oliver’s website have found themselves victims again and again. Which does, somewhat, make you question how likely it is that they’re going to properly prevent yet another reoccurrence.

On each occasion, it is innocent internet users who are put at risk – and may find that their passwords have been stolen simply because they visited Jamie Oliver’s website for a tasty recipe.

Which can hardly be good for Jamie Oliver’s multi-million dollar brand.

According to Malwarebytes, the threat is the same as the previous incidents. Browsing any page on Jamie Oliver’s website can lead to the Fiesta exploit kit being executed from a third-party website via a single line of code.

[Image: Compromised website code]

Malwarebytes says it has told Jamie Oliver’s team about the problem – one would imagine that they’re on first-name terms by now – but what disturbs me is that there is no warning of the risk on the website or mention of the problem on Jamie Oliver’s Twitter account.

I mean, if you want to be sure that Jamie Oliver fans know that their Windows computers might have been infected, you don’t just hope that they read a security vendor’s blog or happen upon a BBC News report, do you?

If you go to Jamie Oliver’s website (careful folks… who knows when it will next be infected?) then you’ll discover that it apparently found no space to mention the malware attack.

[Image: No room to mention malware on Jamie Oliver's website]

And the same is true on Jamie’s Twitter account, a perfect platform for informing over four million fans of the risk.

My conclusion has to be that he simply doesn’t care.

And if he doesn’t care, why do you imagine that efforts will be made to prevent it from happening again?

Further reading for Jamie Oliver’s IT team: Why does my site keep getting hacked/reinfected?

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “Jamie Oliver doesn’t care that he gave you malware”

  1. Phil

    He's really not a cockney. 'Chirpy' I'll give you…

    1. Graham Cluley · in reply to Phil

      Maybe mockney would have been more accurate. Lovely jubbly

  2. Coyote

    "In short, the team responsible for Jamie Oliver's website have found themselves victims again and again."
    I disagree – the victims are those unsuspecting visitors to their website. Oliver's IT department, however, is irresponsible and negligent. Yes, it can happen. But the fact they're not notifying anyone, the fact they're going through this repeatedly means it is more than just a mistake – it is negligence.

    "My conclusion has to be that he simply doesn't care."
    Indeed. He doesn't. That is quite clear. Shameful too, because of the implications of malware.

    "And if he doesn't care, why do you imagine that efforts will be made to prevent it from happening again?"

    A better question is WHEN will it happen again. It is interesting to note that two very different extremes lead to the same issue:

    1. Person does something foolish and then uses the unimaginative, always old remark about it not being them but someone broke in to their account (i.e. not accepting that they could have done things better [and in most – I'm inclined to say all – cases this includes not accepting their poor decisions to do/say whatever it is that was done]). It is a default excuse that takes all the blame and puts it elsewhere (and yet those who do have an account compromised are more likely to accept it and learn from it, with the exception of 2, below, and perhaps similar attitude). I.e. they're irresponsible.
    2. Outright ignoring risks. I.e. they're irresponsible.

    Yet both are the same thing if you think a bit more: they don't seem all that concerned with their actions (or lack thereof); they only (sometimes) care about their reputation. 2 seems more serious to me because 1 is a poor decision, something they realise they shouldn't have done (but are too afraid to admit to it or face the consequences publicly), but ignoring things such as Jamie Oliver does is not even accepting it in the first place.
