Dating site eHarmony.com and music site Last.fm have both said they are the victims of hacking attacks that exposed user passwords, just days after LinkedIn admitted 6.5 million passwords had been stolen.
After reports first emerged on ArsTechnica, eHarmony confirmed in a statement on its site that around 1.5 million passwords had been compromised.
It appears the same hacker that targeted LinkedIn also hit eHarmony. A list of around 8 million passwords appeared on a Russian internet site earlier this week. Many were from LinkedIn but security experts discovered that many of the passwords also contained ‘eharmony’ or ‘harmony’ in them. It is worryingly common for people to use all or part of a service’s name when selecting a password.
“After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected,” the statement said. “As a precaution, we have reset affected members passwords. Those members will receive an email with instructions on how to reset their passwords.”
“Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members’ personal information. We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches. We deeply regret any inconvenience this causes any of our users,” the statement added.
In another incident, UK music streaming service Last.fm also confirmed it was investigating a possible password breach.
Both sites warned users they would not send out any emails with links to password reset options as this is a tactic used in phishing emails. Users should instead go directly to the site and change their password that way.
These two incidents come just days after LinkedIn confirmed a hacker had leaked 6.5 million passwords. The business social network site said it had reset the password of all affected accounts.