The safety of people’s online passwords is once again in the spotlight after online dating website eHarmony confirmed a number of its customers passwords have been compromised.
The admission came in a corporate blog posting by Becky Teraoka of eHarmony.
“The security of our customers’ information is extremely important to us, and we do not take this situation lightly,” wrote Teraoka. “After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected. We are continuing to investigate.”
It also reiterated the usual advice about creating strong passwords that combine the use of at least 8 characters (both lowercase and uppercase) as well as numbers and symbols.
“Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members’ personal information,” Teraoka added. “We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches.”
However the company did not provide any further information about how exactly the breach occurred, but will issue instructions on resetting passwords to those affected.
“We deeply regret any inconvenience this causes any of our users,” it said.
The news of the eHarmony breach follows hot on the heels from the news that 6.5 million passwords for the business-focused social networking site LinkedIn were stolen and published online.
“We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts,” wrote LinkedIn’s Vicente Silveira. “We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts.”
He said that affected users will notice that passwords are no longer valid, and they will receive an email from LinkedIn on how to reset their passwords. They will also get another email from customer services explaining what happened.
“We sincerely apologise for the inconvenience this has caused our members. We take the security of our members very seriously,” Silveira wrote.
Commenting on the LinkedIn breach, Gavin Watson, senior security engineer and head of RandomStorm’s Social Engineering Team, warned that businesses need to be aware of the risks when individual passwords are stolen from social networking websites.
“Security professionals are well aware how much information can be gathered on a person from online applications. What is not so widely appreciated is how this information can be used by hackers to target not only the individual but all the businesses that individual deals with,” said Gavin Watson of RandomStorm, a security vulnerability management specialist.
“It is imperative that LinkedIn users change their passwords immediately and that people avoid reusing passwords for different web applications,” said Watson. “This is not only to protect your personal accounts, but also those of your colleagues and customers.”
Are you a security guru? Try our quiz!
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…
View Comments
After my LinkedIn password hash was leaked. I had to change 10+ website passwords and I don't want to do that again. I have been working on a feasible solution since then.
The solution is called Aladdin and it is an open source USB key(board) to your computer & websites. He types your password so you don't have to. There is no software to install and works everywhere because it appears as an USB keyboard to the operating system. All it does is type your password.
I'm trying to raise funds by crowdfunding at http://www.indiegogo.com/aladdin-key so I invite you to take a look and write about it. Currently it's ranked 23rd in Technology worldwide and number 1 in Technology in the UK on Indiegogo.