Online dating site eHarmony confirmed on Wednesday that a “small fraction” of user passwords were compromised by a data breach. The site said it was resetting affected members' passwords.
“Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members’ personal information. We also protect our networks with state-of-the-art firewalls, load balancers, SSL, and other sophisticated security approaches”, Becky Teraoka with eHarmony wrote in a blog post.
While eHarmony did not provide any more details about the hack, Graham Cluley with Sophos said that hashes of 1.5 million eHarmony passwords were uploaded to websites, and hackers were being encouraged to crack the hashes.
“What really disappoints me is that eHarmony misses an opportunity to tell its users explicitly that if they use the same password on other websites they must change their passwords there also”, Cluley opined.
“As we've said many times, you shouldn't use the same password on multiple websites. Doing so is a recipe for disaster – because if you get hacked in one place, all of your other online accounts at other sites which use the same password could fall shortly afterwards”, he added.