Dating site eHarmony has confirmed a password breach that has compromised some members’ security, though the company insists that only “a small fraction” of users are affected. The incident, which follows hot on the heels of LinkedIn’s password leak earlier this week, has seen around 1.5m password hashes released into the wild.
“After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected. We are continuing to investigate but would like to provide the following actions we are taking to protect our members,” eHarmony corporate communications manager Becky Teraoka said in a statement. “As a precaution, we have reset affected members’ passwords. Those members will receive an email with instructions on how to reset their passwords.”
Evidence of the leaked password haul showed up in InsidePro forums, Ars Technica reports, with the person apparently responsible for the hack asking for help in cracking the hashes. The eHarmony credentials – just like the roughly 6.5m from LinkedIn – are hashed with SHA1, which can be cracked given time.
Simpler passwords are faster to crack, hence eHarmony’s advice that users should change theirs to include “at least 8 characters, composed of lowercase and uppercase letters, numbers and symbols.” The company has yet to comment on how the passwords were acquired.