Dating site eHarmony confirmed today that passwords used by its members were compromised following reports of references to the site among allegedly stolen passwords that were posted to a hacker site.
"After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected. We are continuing to investigate but would like to provide the following actions we are taking to protect our members," Becky Teraoka, spokeswoman for eHarmony, wrote in a blog post. "As a precaution, we have reset affected members' passwords. Those members will receive an email with instructions on how to reset their passwords."
Earlier todaythat ostensibly had 6.5 million encrypted passwords. The words "eHarmony" and "harmony" were referenced in a separate list that was reportedly posted online. It's unclear how many passwords have been cracked and where they all came from.
The eHarmony blog post recommended that people create strong passwords of at least eight characters, mixing upper- and lower-case letters, numbers and symbols, use different passwords for each Internet site and change passwords every few months.
"Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members' personal information. We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches," the post said. "We deeply regret any inconvenience this causes any of our users."
Representatives from eHarmony did not immediately respond to an e-mail seeking comment this evening, so it is unclear exactly how many eHarmony customers might be affected. It is also unclear whether the company used a salt technique that would make it more difficult for someone to crack the passwords that have been hashed, or obscured. LinkedIn was criticized by security experts for not salting its hashed passwords.