Skip to main content

eHarmony confirms user password leak

Online dating giant eHarmony confirmed last night that a number of its members' passwords had been posted for decrypting on a Russian hacker website. Wednesday's second major online security breach following earlier reports that around 6 million LinkedIn passwords were hacked and leaked on the same forum.

The matchmaker refused to specify exactly how many users had been affected, though speculative reports indicate it is in the region of 1.5 million.

"After investigating reports of compromised passwords, we have found a small fraction of our user base has been affected," said Becky Teraoka, a member of company's corporate communications department.

eHarmony, who have over 20 million users in total, said it had manually reset the passwords for the accounts affected.

Like the LinkedIn breach, the compromised user data was exposed in hash form, with the hackers subsequently colluding to crack the passwords. The host forum is strongly rumoured to be InsidePro.

Depending on password strength, hashes can be converted to raw data using decoding freeware. As of yesterday evening, the relevant threats on the forum had been removed and were unable to be located on Google's cache.

Linkedin users were urged to reset their passwords as a matter of urgency, with the popular social network for professionals reportedly still investigating how the breach occurred.

Internet users concerned about protecting sensitive online information may read our recent digest of a major new Cambridge study in password security, and consult our guide to composing secure codes.