EHarmony, the popular online dating site, was the target of a password hacking attack that resulted in 1.5 million stolen passwords, most of which have been cracked.
The attack is believed to be by the same hacker who stole 6.5 million passwords from LinkedIn, the career-oriented social network.
The hacker posted two lists containing the 8 million passwords on the website insidepro.com, on which the user goes by the name of "dwdm."
The larger list contained some passwords LinkedIn has now confirmed as belonging to its social network. and a significant number of the passwords on the smaller list contained the words "eHarmony" or "harmony," according to Ars Technica.
EHarmony has confirmed that some of its passwords were stolen. The company announced the news in a blog, but did not say how many passwords were stolen. The dating site reset passwords for compromised accounts and emailed those users with instructions on how to reset their passwords.
The user posted the list of hashed passwords online and asked peers for help cracking them. The passwords were not salted -- which is an extra form of security that can be added on top of hashing passwords -- allowing dwdm's peers to help crack the vast majority of the passwords. Ars Technica reports that only about 98,000 passwords are still secure.
Ars Technica reports that the lists only contains passwords and not actual logins, which makes the passwords useless even if cracked, but in all likelihood, the hacker also has the logins.
If you are a user of LinkedIn or eHarmony, your best bet is to change your password. If you also use the same login/password combination for any other sites, the most secure thing you can do is change your password on those sites as well.