The safety of people’s online passwords is once again in the spotlight after online dating website eHarmony confirmed a number of its customers passwords have been compromised.
The admission came in a corporate blog posting by Becky Teraoka of eHarmony.
“The security of our customers’ information is extremely important to us, and we do not take this situation lightly,” wrote Teraoka. “After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected. We are continuing to investigate.”
It also reiterated the usual advice about creating strong passwords that combine the use of at least 8 characters (both lowercase and uppercase) as well as numbers and symbols.
“Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members’ personal information,” Teraoka added. “We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches.”
However the company did not provide any further information about how exactly the breach occurred, but will issue instructions on resetting passwords to those affected.
“We deeply regret any inconvenience this causes any of our users,” it said.
The news of the eHarmony breach follows hot on the heels from the news that 6.5 million passwords for the business-focused social networking site LinkedIn were stolen and published online.
“We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts,” wrote LinkedIn’s Vicente Silveira. “We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts.”
He said that affected users will notice that passwords are no longer valid, and they will receive an email from LinkedIn on how to reset their passwords. They will also get another email from customer services explaining what happened.
“We sincerely apologise for the inconvenience this has caused our members. We take the security of our members very seriously,” Silveira wrote.
Commenting on the LinkedIn breach, Gavin Watson, senior security engineer and head of RandomStorm’s Social Engineering Team, warned that businesses need to be aware of the risks when individual passwords are stolen from social networking websites.
“Security professionals are well aware how much information can be gathered on a person from online applications. What is not so widely appreciated is how this information can be used by hackers to target not only the individual but all the businesses that individual deals with,” said Gavin Watson of RandomStorm, a security vulnerability management specialist.
“It is imperative that LinkedIn users change their passwords immediately and that people avoid reusing passwords for different web applications,” said Watson. “This is not only to protect your personal accounts, but also those of your colleagues and customers.”
Are you a security guru? Try our quiz!
Boeing Starliner space capsule set for first crewed flight into orbit after years of delays,…
Google clashes with US Justice Department in closing arguments as government argues Google used illegal…
Prominent Stanford University AI scientist Fei-Fei Li reportedly completes funding round for start-up based on…
Apple shares surge on optimism that new AI-focused hardware launches will drive renewed sales, starting…
Biden vetoes Republican-backed measure amidst dispute over 'joint employer' status for contract workers, affecting tech…
Lawyers in US social media addiction action say strict controls on Douyin in China show…
View Comments
After my LinkedIn password hash was leaked. I had to change 10+ website passwords and I don't want to do that again. I have been working on a feasible solution since then.
The solution is called Aladdin and it is an open source USB key(board) to your computer & websites. He types your password so you don't have to. There is no software to install and works everywhere because it appears as an USB keyboard to the operating system. All it does is type your password.
I'm trying to raise funds by crowdfunding at http://www.indiegogo.com/aladdin-key so I invite you to take a look and write about it. Currently it's ranked 23rd in Technology worldwide and number 1 in Technology in the UK on Indiegogo.