eHarmony confirms leak of their users’ passwords

News that an unknown individual leaked what appeared to be a batch of 6.5 million LinkedIn passwords on a Russian forum and asked for help in decrypting them spread like fire yesterday, and the users of the popular professional social network have been urged to change their passwords.

But alongside that batch another collection of passwords – containing 1.5 million unsalted MD5 hashes – was also leaked. The analysis of the already cracked passwords that were included pointed to the popular dating site eHarmony.

The speculation was confirmed later that day by Becky Teraoka, the Public Relations Manager at eHarmony, who wrote that “a small fraction” of their user base has been affected.

They reset the passwords for those members and have provided some tips on how to choose a good one.

But apart from offering very generic assurances about the site using “robust security measures” to protect their users’ personal information, no explanations about how the leaked passwords ended up in the hands of the aforementioned malicious individual were given.