Support 100 years of independent journalism.

  1. Business
12 June 2012updated 22 Oct 2020 3:55pm

Dating and music sites also get the hacker treatment

eHarmony.com and Last.fm next victims

By Steve Evans

Dating site eHarmony.com and music site Last.fm have both said they are the victims of hacking attacks that exposed user passwords, just days after LinkedIn admitted 6.5 million passwords had been stolen.

After reports first emerged on ArsTechnica, eHarmony confirmed in a statement on its site that around 1.5 million passwords had been compromised.

It appears the same hacker that targeted LinkedIn also hit eHarmony. A list of around 8 million passwords appeared on a Russian internet site earlier this week. Many were from LinkedIn but security experts discovered that many of the passwords also contained ‘eharmony’ or ‘harmony’ in them. It is worryingly common for people to use all or part of a service’s name when selecting a password.

“After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected,” the statement said. “As a precaution, we have reset affected members passwords. Those members will receive an email with instructions on how to reset their passwords.”

“Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members’ personal information. We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches. We deeply regret any inconvenience this causes any of our users,” the statement added.

Sign up for The New Statesman’s newsletters Tick the boxes of the newsletters you would like to receive. Quick and essential guide to domestic and global politics from the New Statesman's politics team. The best of the New Statesman, delivered to your inbox every weekday morning. The New Statesman’s global affairs newsletter, every Monday and Friday. A handy, three-minute glance at the week ahead in companies, markets, regulation and investment, landing in your inbox every Monday morning. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A weekly dig into the New Statesman’s archive of over 100 years of stellar and influential journalism, sent each Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy

In another incident, UK music streaming service Last.fm also confirmed it was investigating a possible password breach.

Both sites warned users they would not send out any emails with links to password reset options as this is a tactic used in phishing emails. Users should instead go directly to the site and change their password that way.

These two incidents come just days after LinkedIn confirmed a hacker had leaked 6.5 million passwords. The business social network site said it had reset the password of all affected accounts.