Dating website and Last.FM are the latest victims of hack attack.
Click to enlarge
This comes after professionals network LinkedIn confirmed millions of user passwords had been leaked on a Russian hacking forum database, which eHarmony now says included some of its members.
“After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected,” eHarmony’s Becky Teraoka, wrote on a blog.
And it appears British music site LastFM has also been affected by the hack and are “asking all our users to change their passwords immediately.”
Reports indicate around 6.4 million LinkedIn passwords were leaked online, and SophosLabs reckon around 1.5 million eHarmony users details were leaked.
The dating site said it is “continuing to investigate” but “as a precaution” has reset affected members passwords.
Affected members will receive an email with instructions on how to reset their passwords.
eHarmoney, which brands itself as “#1 Trusted Online Dating Site for Singles” has around 20 million registered online users.
“The hashes of 1.5 million eHarmony passwords were uploaded to websites, where hackers were encouraged to join forces to crack them,” says Graham Cluley, Sophos Labs.
The leaked passwords on the Russian hacking forum appear in the form of a cryptographic “hash” which converts text into a sequence of numbers and letters using a mathematical formula, say security experts.
Read: LinkedIn Hack: 6.5 Million Passwords Spill Russia
However, eHarmony’s Teraoka offered passwords tips including: “create a strong password of at least 8 characters, composed of lowercase and uppercase letters and numbers and a different passwords for each of the Internet sites you use.”
However, Cluley was less impressed with the matchmakers advise:
“What really disappoints me is that eHarmony misses an opportunity to tell its users explicitly that if they use the same password on other websites they must change their passwords there also.”
Users shouldn’t use the same password on multiple websites such as Gmail, Facebook and “doing so is a recipe for disaster” he warns, as if one site is compromised all other online accounts with the same password could fall.
Teraoka also assured its 20m members it uses robust security measures, including password hashing and data encryption, to protect members’ personal information.
“We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches.”
Users should also change their passwords every few months, she added.