Online dating site eHarmony has confirmed that it too suffered a hack on its password database.
In an official blog post, the company said that the attack had affected a minority of its user base:
No ad to show here.
After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected. We are continuing to investigate but would like to provide the following actions we are taking to protect our members.
In the wake of news that some 6.5-million LinkedIn passwords had been leaked, eHarmony immediately reset the afflicted passwords. It also sent out an email to the affected users telling them how to change their passwords.
In the post, it also tried to reassure users that the security measures it took were stringent:
Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members’ personal information. We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches.
According to Ars Technica, the passwords were most likely leaked by the same hacker who stole LinkedIn’s.
The tech news site also reports that the reported passwords could be just a small fraction of those obtained by the hacker. The ones posted on the hacking forums that led to the story, may well just be the ones they couldn’t crack. As one commentor noted:
It means nothing that you don’t find your password in the list. Out of an abundance of caution, readers should presume the entire list has been obtained and change their password no matter what.