Dating website eHarmony last night acknowledged that it too was caught up in the hack that compromised about 6 million LinkedIn passwords.
“After investigating reports of compromised passwords, we have found that a puny fraction of our user base has been affected,” eHarmony said in a blog post. “We are continuing to investigate but would like to provide the following deeds we are taking to protect our members.”
“As a precaution,” eHarmony reset passwords for affected members, who will receive emails with instructions on how to update their accounts.
“Please be assured that eHarmony uses sturdy security measures, including password hashing and data encryption, to protect our members’ private information,” the company said. “We also protect our networks with state-of-the-art firewalls, geyser balancers, SSL and other sophisticated security approaches.”
Yesterday afternoon, LinkedIn acknowledged that hackers had obtained access to some of its users’ passwords. It did not expose an exact number, but at least 6 million of the company’s 161 million member passwords popped up online. Ars Technica later reported that eHarmony might have been involved due to the fact that a large number of the passwords involved the word “harmony” or “eharmony,” and that turned out to be correct.
In a separate blog post, Sophos analyst Graham Cluley said that “as with the LinkedIn breach, eHarmony users’ passwords were exposed in the form of hashes. In this case, the hashes of 1.Five million eHarmony passwords were uploaded to websites, where hackers were encouraged to join coerces to crack them.”
Cluley criticized eHarmony for not urging users who used their eHarmony passwords on other websites to switch them instantly. “Doing so is a recipe for disaster – because if you get hacked in one place, all of your other online accounts at other sites which use the same password could fall shortly afterwards,” he wrote.
McAfee had a similar warning. “A secure passphrase may be the only thing standing inbetween your private data and those that wish to steal it,” said Jim Walter, manager of McAfee’s Threat Intelligence Service (MTIS). “Password maintenance is simply an unavoidable best practice in today’s digital world.”
Walter urged all users of LinkedIn, and presumably eHarmony, to switch their passwords, regardless of whether they were involved in the hack.
LinkedIn, meantime, touted “enhanced security we just recently put in place, which includes hashing and salting of our current password databases.” That basically makes it a bit firmer for the hackers to decipher the passwords, tho’ not unlikely.
Security rigid F-Secure noted, “when an attacker has your salt values and code, the only thing that is protecting user accounts is the strength of passwords they are using, and people are not very good sources of entropy. By combining dictionary attack and brute force technics it will not take very long to break a significant proportion of passwords, even for a large site with many accounts.”
For more from Chloe, go after her on Twitter @ChloeAlbanesius.
For the top stories in tech, go after us on Twitter at @PCMag.
Chloe Albanesius has been with PCMag.com since April 2007, most recently as Executive Editor for News and Features. Prior to that, she worked for a year covering financial IT on Wall Street for Incisive Media. From 2002 to 2005, Chloe covered technology policy for The National Journal’s Technology Daily in Washington, DC. She has held internships at NBC’s Meet the Press, washingtonpost.com, the Tate Gallery press office in London, Roll Call, and Congressional Quarterly. She graduated with a bachelor’s degree in journalism from American University. More »,
More Stories by Chloe
Twitter users last night noticed that efforts to post tweets with the URL needtoimpeach.com were bei. More »,
After a brief recess that required meeting attendees to evacuate for security reasons, a divided com. More »,
Details are scant, but T-Mobile next year will introduce a service that will contest with the likes . More »,
// Related Articles
- About Us
- PCMag Digital Edition
- RSS Feed
- More From Ziff Davis:
- Computer Shopper
- Everyday Health
- What to Expect
- RSS Feeds
- Site Map
- Contact Us
PC, PC Magazine and PC PCMag.com are among the federally registered trademarks of
Ziff Davis, LLC and may not be used by third parties without explicit permission.