eHarmony member passwords compromised

On the heels of LinkedIn's confirmation of compromised passwords, eHarmony says it is resetting passwords of its users that is says were also compromised.

eHarmony says some passwords of its members have been compromised.
eHarmony has some non-dating advice for its customers today -- change your password.

Dating site eHarmony confirmed today that passwords used by its members were compromised following reports of references to the site among allegedly stolen passwords that were posted to a hacker site.

"After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected. We are continuing to investigate but would like to provide the following actions we are taking to protect our members," Becky Teraoka, spokeswoman for eHarmony, wrote in a blog post. "As a precaution, we have reset affected members passwords. Those members will receive an email with instructions on how to reset their passwords."

Earlier today LinkedIn said that some of its members' passwords were on a list that ostensibly had 6.5 million encrypted passwords. The words "eHarmony" and "harmony" were referenced in a separate list that was reportedly posted online. It's unclear how many passwords have been cracked and where they all came from.

The eHarmony blog post recommended that people create strong passwords of at least eight characters, mixing upper- and lower-case letters, numbers and symbols, use different passwords for each Internet site and change passwords every few months.

"Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members' personal information. We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches," the post said. "We deeply regret any inconvenience this causes any of our users."

Representatives from eHarmony did not immediately respond to an e-mail seeking comment this evening, so it is unclear exactly how many eHarmony customers might be affected and whether the company used a salt technique that would make it more difficult for someone to crack the passwords that have been hashed, or obscured. LinkedIn was criticized by security experts for not salting its hashed passwords.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
The best tech products of 2014
Does this Wi-Fi-enabled doorbell Ring true? (pictures)
Seven tips for securing your Facebook account
The best 3D-printing projects of 2014 (pictures)
15 crazy old phones from a Korean museum (pictures)
10 gloriously geeky highlights from 2014 (pictures)