LinkedIn & eHarmony Confirm Passwords Were Hacked

by on June 07, 2012
in Computers and Software, News, Computer Safety & Support, Blog :: 4 comments

Professional networking site LinkedIn and dating site eHarmony confirmed yesterday that millions of user passwords have been stolen from their databases and posted on the Internet. If you are a user of either of these services, it's critical that you change your password immediately on these sites, as well as any other sites for which you use the same password, especially for email, banking or other sensitive data.

The breach was identified when the hacker(s) posted the list of 8 million encrypted passwords to a hacker forum for help with breaking the encryption code. Sophos security is reporting that more than 60% of the passwords have already been cracked.

Worse, while the 8 million passwords posted represent only a small portion of the total users of the sites, some security experts suspect that the hacker(s) may have access to the full password list and only posted those that they were having difficulty cracking. Rick Redman, a security consultant for Kore Logic Security, told Ars Technica, "It's pretty obvious that whoever the bad guy was cracked the easy ones and then posted these, saying, 'These are the ones I can't crack.'"

How did this happen? Well, how the hacker got access to the data isn't known. However, the ability to easily hack the passwords is due to poor data security measures at each of the companies.

In the case of LinkedIn, passwords were encrypted, but they were not using "salting" to introduce random characters into the encryption and make them harder to break. LinkedIn has since corrected this weakness and all new passwords will be salted and encrypted.
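To show what salting changes in a stored password table, here is an added example (not code from LinkedIn, eHarmony or this article). The choice of SHA-256 and PBKDF2, the iteration count and the sample accounts are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Optional, Tuple

ITERATIONS = 100_000  # assumed work factor for this example

# Constructed sample accounts; two users picked the same password.
USERS = {"alice": "Summer2012!", "bob": "Summer2012!", "carol": "tr0ub4dor&3"}


def unsalted_hash(password: str) -> bytes:
    """Weak scheme: one fast digest, no salt (SHA-256 is a stand-in)."""
    return hashlib.sha256(password.encode()).digest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Stronger scheme: random per-user salt fed into a slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], expected)


def accounts_sharing_a_hash(stored: dict) -> int:
    """Number of accounts whose stored value also appears on another account."""
    counts = Counter(stored.values())
    return sum(n for n in counts.values() if n > 1)


def build_tables():
    """Store the same constructed accounts under both schemes."""
    unsalted = {u: unsalted_hash(p) for u, p in USERS.items()}
    salted = {u: salted_hash(p) for u, p in USERS.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables()
    digests = {u: d for u, (_, d) in salted.items()}
    print("unsalted, accounts sharing a hash:", accounts_sharing_a_hash(unsalted))
    print("salted, accounts sharing a hash:", accounts_sharing_a_hash(digests))
```

Without a salt, identical passwords produce identical stored values, so one recovered password exposes every account that reused it; with a per-user salt each stored value is unique and has to be attacked separately.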

eHarmony also was apparently using weak encryption policies and still doesn't appear to understand the steps required to secure your information properly. In a post on the eHarmony blog, they are recommending that users reset their passwords and providing tips for creating a strong password. But to be absolutely clear, this hack has nothing to do with users creating weak passwords—even the strongest password is useless if the company storing your password doesn't protect it properly. The eHarmony blog is silent on what steps they are taking to improve their own security.

Given the serious nature of this breach, I recommend that all users of LinkedIn and eHarmony change their passwords immediately, even if they have not been notified that their password was one of those stolen. If you share the password with other sites, you should change it on those sites as well.

Because eHarmony has yet to adequately address the security measures they are putting in place to prevent this breach from happening again, you should consider any password and personal information you post to eHarmony as insecure.

Why are you telling us this?

From Elizabeth on June 07, 2012 :: 12:35 pm

And not eHarmony or Linked In?

I’ve been on Linked In yesterday and today and there is not one word about this.

It’s frustrating that these sites can’t get the word to us faster than you can.

Good question!

From Josh Kirschner on June 07, 2012 :: 10:18 pm

We’re wondering the same thing and have reached out to LinkedIn for comment.

Secure website builder software

From Mike on June 07, 2012 :: 10:27 pm

If you want your website to be secure, it is best to use Ultimate Web Builder software - http://www.redesigns.org/web-builder .  It uses encryption plus salting for passwords, as well as other security features.

Regarding a secure dating website to use that is really cool and awesome too - and free! - best is Friends Match Me - http://www.friendsmatchme.com .  It is a free Facebook dating app too, and does not store your passwords.

Linkedin Passwords Hacked

From Alan on June 10, 2012 :: 2:30 pm

Tried to log in this evening. Still asked for a password. What gives?
