Hackers have hit the dating site eHarmony, along with LinkedIn – giving the business networking service its second major privacy blow in 24 hours.
eHarmony has confirmed that a ‘small fraction’ of its database has been compromised. It says it has reset affected members’ passwords and will contact them with information on what to do next.
“Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members’ personal information,” it says in a statement on the company blog.
“We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches.”
LinkedIn, meanwhile, has confirmed that as many as 5.8 million passwords have been stolen, just hours after the company was forced to change its iOS app after privacy concerns.
“We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts,” says director Vicente Silveira.
“We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts: members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid. These members will also receive an email from LinkedIn with instructions on how to reset their passwords.”
Security firm Sophos says its research indicates that the dump contains 5.8 million unique password hashes, of which 3.5 million have already been brute-forced.
It’s not known who was responsible for the two hacks, or whether they were carried out by the same group – although the passwords have appeared on a Russian web forum, indicating that the culprit may come from that part of the world.