Earlier today Curse was notified by Google that there was a script known to be malicious being served though some of our sites. Upon further inspection Curse has determined the script was being served through ad placements from a 3rd party. These ads were being served as they normally would; however, due to a security breach at the 3rd party, a malicious JS was being served that was put in their passback system.
The security issue did not affect the Curse datacenter at all and at no time was our users' information compromised or exposed as a result of this breach.
We have managed to identify the 3rd party, who is well known to be trusted, as the source of the script. They have been contacted about the compromise and have removed the malicious script being served to not only Curse, but possibly everyone with whom they work. They are still investigating the breech.
Curse takes security extremely seriously and has removed all 3rd party ad partners until the investigation is complete. We will keep you informed of the outcome of this investigation. In the meantime, we recommend you run a malware scan on your computer. You can run a free scan at http://www.malwarebytes.org/. We sincerely apologize for this inconvenience.