Share this story Online dating site eHarmony has confirmed that a massive list of passwords posted online included those used by its members. 'After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected,' company officials said in a. The company didn't say what percentage of 1.5 million of the passwords, some appearing as MD5 cryptographic hashes and others converted into plaintext, belonged to its members. The confirmation followed a that a dump of eHarmony user data preceded a separate dump of LinkedIn passwords. EHarmony's blog also omitted any discussion of how the passwords were leaked. That's unsettling, because it means there's no way to know if the lapse that exposed member passwords has been fixed. Instead, the post repeated mostly meaningless assurances about the website's use of 'robust security measures, including password hashing and data encryption, to protect our members’ personal information.'

1. Forgot Eharmony Password

Log in and access LastPass using the browser icon. Change your eHarmony password Check if you have re-used your eHarmony password on any other websites and if so. Get a Crash Course in Writing from 2. I only remember one practical writing lesson from my three years as an English major: Whenever you can, put the.

Oh, and company engineers also protect users with 'state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches.' The company recommended users choose passwords with eight or more characters that include upper- and lower-case letters, and that those passwords be changed regularly and not used across multiple sites. This post will be updated if eHarmony provides what we'd consider more useful information, including whether the cause of the breach has been identified and fixed and the last time the website had a security audit. Promoted Comments.

Security Editor Story Author. Im sorry but this lack of well any type of encryption for passwords is just stupid. Its not freaking hard people! Hell the functions are built into many of your database applications already. I just cant believe these massive companies are storing passwords, not only in a table along with normal user information (I think), but also are only hashing the data, no salt, no real encryption just a simple MD5 of SHA1 hash. What the hell.

Hell even 10 years ago it was not a good idea to store sensitive information un-encrypted. I have no words for this.

Just to be clear, there's no evidence that eHarmony stored any passwords in plaintext. The original post, made to a forum on password cracking, contained the passwords as MD5 hashes. Over time, as various users cracked them, many of the passwords published in follow-up posts, were converted to plaintext. So while many of the passwords that appeared online were in plaintext, there's no reason to believe that's how eHarmony stored them. 67 posts registered Jan 30, 2012.

The online dating site eHarmony confirmed late Wednesday that passwords for its members were exposed in a breach, a second major compromise following LinkedIn's password exposure. Higher engineering mathematics by bv ramana. 'After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected,' Becky Teraoka, of eHarmony's corporate communications. EHarmony didn't say how many of its users may have been affected.

Forgot Eharmony Password

The website said it had reset the passwords. As with LinkedIn, eHarmony's exposed data is cryptographic representations of passwords called hashes, which are generated by an algorithm. But the hashes can be converted into the original password using free decoding software. The shorter the password, the higher the chance it can quickly be cracked. EHarmony's 1.5 million password hashes were released in a forum of a Russian password-cracking website called InsidePro, Ars Technica. Hackers on InsirePro asked for help cracking the password hashes, Ars reported.

But by late Wednesday, those threads on the forum appeared to have been deleted and were not available in Google's cache. LinkedIn confirmed on Wednesday that some of its passwords were compromised.

Security researchers put the figure at 6.5 million, although some of the password hashes were duplicates, bringing the number down to around 5.8 million. LinkedIn, which has not said how the breach occurred, is notifying people affected and resetting their passwords. Send news tips and comments to jeremykirk@idg.com.