LinkedIn, eHarmony Hacked; Millions of Passwords Stolen
Researchers say a stash of what appear to be LinkedIn passwords was protected by a weak security scheme. (IMAGE: LINKEDIN / June 7, 2012)
The attack is believed to be by the same hacker who stole 6.5 million passwords from LinkedIn, the career-oriented social network.
The hacker posted two lists containing the 8 million passwords on the website insidepro.com, on which the user goes by the name of "dwdm."
The larger list contained some passwords LinkedIn has now confirmed as belonging to its social network, and a significant number of the passwords on the smaller list contained the words "eHarmony" or "harmony," according to Ars Technica.
eHarmony has confirmed that some of its passwords were stolen. The company announced the news in a blog post, but did not say how many passwords were stolen. The dating site reset passwords for compromised accounts and emailed those users with instructions on how to reset their passwords.
The user posted the list of hashed passwords online and asked peers for help cracking them. The passwords were not salted (salting is an extra layer of security that can be added on top of hashing passwords), which allowed dwdm's peers to help crack the vast majority of them. Ars Technica reports that only about 98,000 passwords are still secure.
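To show why the missing salt mattered, here is an added example (not from the article or from either company) that stores the same constructed passwords with and without a per-user salt. SHA-256, PBKDF2, the iteration count and all function names are assumptions for illustration, since the article does not name the hashing algorithm.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not taken from the leaked lists).
# alice and bob happen to choose the same password.
ACCOUNTS = {"alice": "harmony2012", "bob": "harmony2012", "carol": "k7#Vq!xw93"}

ITERATIONS = 100_000  # illustrative work factor, an assumption for this example


def unsalted_digest(password):
    """Hash only. SHA-256 stands in here; the article does not name the algorithm."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password, salt=None):
    """Per-user random salt plus a slow key-derivation function (PBKDF2)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify(password, record):
    """Login check: recompute with the stored salt, compare in constant time."""
    salt, key = record
    return hmac.compare_digest(salted_record(password, salt)[1], key)


def shared_digests(stored):
    """Count stored values that appear for more than one account."""
    counts = Counter(stored.values())
    return sum(1 for n in counts.values() if n > 1)


def build_stores():
    """Store every sample account both ways so the two schemes can be compared."""
    unsalted = {user: unsalted_digest(pw) for user, pw in ACCOUNTS.items()}
    salted = {user: salted_record(pw) for user, pw in ACCOUNTS.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_stores()
    print("unsalted digests shared by several accounts:", shared_digests(unsalted))
    print("salted records shared by several accounts:  ", shared_digests(salted))
    print("carol can still log in:", verify(ACCOUNTS["carol"], salted["carol"]))
```

Without a salt, identical passwords produce identical stored values, so one computed guess applies to every account in the list at once; with a per-user salt each record must be worked on separately.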
Ars Technica reports that the lists contain only passwords and not actual logins, which would make the passwords useless even if cracked, but in all likelihood the hacker also has the logins.
If you are a user of LinkedIn or eHarmony, your best bet is to change your password. If you also use the same login/password combination for any other sites, the most secure thing you can do is change your password on those sites as well.