Dating Website eHarmony Confirms Password Breach

Following hot on the heels of the LinkedIn password breach is the confirmation that eHarmony’s customer passwords have also been compromised

The safety of people’s online passwords is once again in the spotlight after online dating website eHarmony confirmed that a number of its customers’ passwords have been compromised.

The admission came in a corporate blog posting by Becky Teraoka of eHarmony.

Small number?

“The security of our customers’ information is extremely important to us, and we do not take this situation lightly,” wrote Teraoka. “After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected. We are continuing to investigate.”

The dating website did not reveal precisely how many of its customers have been affected, but it said that as a precaution it has reset affected members’ passwords.

It also reiterated the usual advice about creating strong passwords that combine the use of at least 8 characters (both lowercase and uppercase) as well as numbers and symbols.

“Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members’ personal information,” Teraoka added. “We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches.”

However, the company did not provide any further information about exactly how the breach occurred. It will issue instructions on resetting passwords to those affected.

“We deeply regret any inconvenience this causes any of our users,” it said.

LinkedIn admission

The news of the eHarmony breach follows hot on the heels of the news that 6.5 million passwords for the business-focused social networking site LinkedIn were stolen and published online.

LinkedIn provided an update on the matter in a blog posting.

“We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts,” wrote LinkedIn’s Vicente Silveira. “We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts.”

He said that affected users will notice that passwords are no longer valid, and they will receive an email from LinkedIn on how to reset their passwords. They will also get another email from customer services explaining what happened.

“We sincerely apologise for the inconvenience this has caused our members. We take the security of our members very seriously,” Silveira wrote.

Change passwords

Commenting on the LinkedIn breach, Gavin Watson, senior security engineer and head of RandomStorm’s Social Engineering Team, warned that businesses need to be aware of the risks when individual passwords are stolen from social networking websites.

“Security professionals are well aware how much information can be gathered on a person from online applications. What is not so widely appreciated is how this information can be used by hackers to target not only the individual but all the businesses that individual deals with,” said Gavin Watson of RandomStorm, a security vulnerability management specialist.

“It is imperative that LinkedIn users change their passwords immediately and that people avoid reusing passwords for different web applications,” said Watson. “This is not only to protect your personal accounts, but also those of your colleagues and customers.”
