Support 100 years of independent journalism.

  1. Business
12 June 2012updated 22 Oct 2020 3:55pm

Dating and music sites also get the hacker treatment

eHarmony.com and Last.fm next victims

By Steve Evans

Dating site eHarmony.com and music site Last.fm have both said they are the victims of hacking attacks that exposed user passwords, just days after LinkedIn admitted 6.5 million passwords had been stolen.

After reports first emerged on ArsTechnica, eHarmony confirmed in a statement on its site that around 1.5 million passwords had been compromised.

It appears the same hacker that targeted LinkedIn also hit eHarmony. A list of around 8 million passwords appeared on a Russian internet site earlier this week. Many were from LinkedIn but security experts discovered that many of the passwords also contained ‘eharmony’ or ‘harmony’ in them. It is worryingly common for people to use all or part of a service’s name when selecting a password.

“After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected,” the statement said. “As a precaution, we have reset affected members passwords. Those members will receive an email with instructions on how to reset their passwords.”

“Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members’ personal information. We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches. We deeply regret any inconvenience this causes any of our users,” the statement added.

Select and enter your email address Quick and essential guide to domestic and global politics from the New Statesman's politics team. A weekly newsletter helping you fit together the pieces of the global economic slowdown. The New Statesman’s global affairs newsletter, every Monday and Friday. The best of the New Statesman, delivered to your inbox every weekday morning. The New Statesman’s weekly environment email on the politics, business and culture of the climate and nature crises - in your inbox every Thursday. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A newsletter showcasing the finest writing from the ideas section and the NS archive, covering political ideas, philosophy, criticism and intellectual history - sent every Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy

In another incident, UK music streaming service Last.fm also confirmed it was investigating a possible password breach.

Both sites warned users they would not send out any emails with links to password reset options as this is a tactic used in phishing emails. Users should instead go directly to the site and change their password that way.

These two incidents come just days after LinkedIn confirmed a hacker had leaked 6.5 million passwords. The business social network site said it had reset the password of all affected accounts.