The Web site eHarmony acknowledged yesterday that a small percentage of its users’ passwords may have been exposed in an online forum used by hackers.
The acknowledgment comes just a few days after another major Web site,LinkedIn, also acknowledged that its users’ passwords were exposed. The eHarmony passwords appear to have been found on the same site as the LinkedIn passwords.
The passwords were in hash, or cryptographic form. It is possible to crack such encryption with available software, but it is not known whether any of the passwords were unencrypted.
“After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected,” wrote eHarmony corporate communications officer Becky Teraoka, in a blog post.
EHarmony is taking some security measures, the post said. These include changing the passwords of affected users; such users will also receive e-mails telling them how they can change their password.
EHarmony did not provide many additional details, including on how the breach may have occurred. The site also mentioned it takes a number of steps to secure customers’ data. These include the use of password hashing, firewalls, and Secure Sockets Layer encryption to protect Internet traffic.
EHarmony also offered some strong password advice. These include using at least eight characters, including upper case and lower case letters in addition to numbers. Different passwords should also be used for different sites. And passwords should be changed every few months.