Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

LinkedIn & eHarmony Confirm Passwords Were Hacked

by Josh Kirschner on June 07, 2012

Professional networking site LinkedIn and dating site eHarmony confirmed yesterday that millions of user passwords have been stolen from their databases and posted on the Internet. If you are a user of either of these services, it's critical that you change your password immediately on these sites, as well as any other sites for which you use the same password, especially for email, banking or other sensitive data.

The breach was identified when the hacker(s) posted the list of 8 million encrypted passwords to a hacker forum for help with breaking the encryption code. Sophos security is reporting that more than 60% of the passwords have already been cracked.

Worse, while the 8 million passwords posted represent only a small portion of the total users of the sites, some security experts suspect that the hacker(s) may have access to the full password list and only posted those that they were having difficulty cracking. Rick Redman, a security consultant for Kore Logic Security told Ars Technica, "It's pretty obvious that whoever the bad guy was cracked the easy ones and then posted these, saying, 'These are the ones I can't crack.'"

How did this happen? Well, how the hacker got access to the data isn't known. However, the ability to easily hack the passwords is due to poor data security measures at each of the companies.

In the case of LinkedIn, passwords were encrypted, but they were not using "salting" to introduce random characters into the encryption and make them harder to break. LinkedIn has since corrected this weakness and all new passwords will be salted and encrypted..

eHarmony also was apparently using weak encryption policies and still doesn't appear to understand the steps required to secure your information properly. In a post on the eHarmony blog, they are recommending users reset their passwords and provide tips for creating a strong password. But to be absolutely clear, this hack has nothing to do with users creating weak passwords—even the strongest password is useless if the company storing your password doesn't protect it properly. The eHarmony blog is silent on what steps they are taking to improve their own security. 

Given the serious nature of this breach, I recommend that all users of LinkedIn and eHarmony change your passwords immediately, even if you have not been notified that your password was one of those stolen. If you share the password with other sites, you should change it on those sites as well.

Because eHarmony has yet to adequately address the security measures they are putting in place to protect this breach from happening again, you should consider any password and personal information you post to eHarmony as insecure.


Topics

Computers and Software, News, Computer Safety & Support, Blog


Discussion loading

gravatar

From Elizabeth on June 07, 2012 :: 12:35 pm


And not eHarmony or Linked In?

I’ve been on Linked In yesterday and today and there is not one word about this.

It’s frustrating that these sites can’t get the word to us faster than you can.

Reply

gravatar

From Josh Kirschner on June 07, 2012 :: 10:18 pm


We’re wondering the same thing and have reached out to LinkedIn for comment.

Reply

gravatar

From Mike on June 07, 2012 :: 10:27 pm


If you want your website to be secure, it is best to use Ultimate Web Builder software - http://www.redesigns.org/web-builder .  It uses encryption plus salting for passwords, as well as other security features.

Regarding a secure dating website to use that is really cool and awesome too - and free! - best is Friends Match Me - http://www.friendsmatchme.com .  It is a free Facebook dating app too, and does not store your passwords.

Reply

gravatar

From Alan on June 10, 2012 :: 2:30 pm


Tried to log in this evening. Still asked for a password. What gives?

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.