eHarmony passwords leaked online - KMSP-TV

By CASSANDRA VINOGRAD
Associated Press

LONDON (AP) - eHarmony said the passwords of a "small fraction" of its users had been compromised Wednesday. The site, which says it has over 20 million registered online dating users, did not say how many had been affected. But tech news site Ars Technica said it found about 1.5 million passwords leaked online that appeared to be from eHarmony users.

The dating service said on its blog that it had reset the passwords of the affected users, who would receive an email with instructions on how to set new passwords. It recommended all its users adopt "robust" passwords.

There's added concern that many people use the same password on multiple websites, so whoever stole the data could use the information to access Gmail, Amazon, PayPal and other accounts, Cluley said.

Cluley said hackers are working together to break the encryption on the passwords.

"All that's been released so far is a list of passwords and we don't know if the people who released that list also have the related email addresses," he said. "But we have to assume they do. And with that combination, they can begin to commit crimes."

It wasn't known who was behind such an attack, which also affected business networking site LinkedIn.

While the passwords appear to be encrypted, security researcher Marcus Carey warned that users should not take solace from such security measures.

"If a website has been breached, it doesn't matter what encryption they're using because the attacker at that point controls a lot of the authentication," said Carey, who works at security-risk assessment firm Rapid7. "It's 'game over' once the site is compromised."

eHarmony is a private company based in Santa Monica, Calif.