eHarmony says no other info stolen following password hack

The dating Web site reports the incident to authorities and continues to investigate security breach.

Donna Tam Staff Writer / News
Donna Tam covers Amazon and other fun stuff for CNET News. She is a San Francisco native who enjoys feasting, merrymaking, checking her Gmail and reading her Kindle.
Donna Tam
2 min read

After confirming that member passwords were comprised, eHarmony said today it is continuing to investigate the incident, but it appears no other information was taken.

"While our investigation is ongoing, we have not found any indication that other information was accessed, nor have we received any reports of unauthorized log-ins to member accounts," eHarmony spokeswoman Becky Teraoka wrote in a blog post. "We have also been working with law enforcement authorities in our investigation and have been in touch with one of the other companies affected as well."

The blog post doesn't give specific numbers on how many members were affected by the incident, but Teraoka wrote that it was a "small percentage of accounts." The company disabled the passwords of those accounts and sent an e-mail to affected members, advising them to change their passwords.

Last.fm, which also reported compromised passwords this week, took a similar route. The company's updated passwords have been secured with "a more rigorous method for user data storage," Last.fm's Matthew Hawn wrote today in a blog post. Last.fm has not responded to an e-mail from CNET asking for clarification of the method.

eHarmony's confirmation followed news of LinkedIn's security breach earlier on Wednesday. Some LinkedIn account passwords were on a list of 6.5 million passwords posted to a hacker forum. eHarmony passwords were believed to be on a separate list of 1.5 million passwords that was posted online. Last.fm chimed in the next day with its own concerns of a password leak.

LinkedIn also reported the incident to police and addressed the breach by disabling passwords of accounts at the greatest risk.

It's still unclear how many users are affected and if other Web sites will issue warnings. Users who think they might have been affected should immediately change their passwords on those sites and any other sites they may have used the password for.