Feb. 11, 2011 at 10:24 AM ET
Obviously something happened, but what? And how do you know if you're affected?
According to the information pieced together by security watchdog Brian Krebs, there was in fact a security compromise, but the main eHarmony site was most likely not affected. Instead the databases of eHarmony Advice — a smaller, secondary site focused on relationship advice — were hacked.
A statement on the official eHarmony blog confirms this analysis:
Some data was obtained without authorization from an ancillary informational site we operate, eHarmony Advice, which uses completely separate databases and web servers than eHarmony.com. From one eHarmony Advice database, the hacker obtained a file that included user names, email addresses and hashed passwords. User names and passwords are needed to gain access to the message boards on the eHarmony Advice site.
Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members’ personal information. We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches. As a result, at no point during this attack did the hacker successfully get inside our eHarmony network.
In addition, please note that there was very little overlap between the eHarmony Advice data obtained and the data that resides within other properties. We have taken appropriate steps to remedy the situation and have notified any potentially affected customers, who comprise an extremely small fraction of our total eHarmony.com user base (less than 0.05 percent).
So what does all of this mean to you, an eHarmony user?
It means that you should go change your passwords if you've ever used eHarmony Advice — especially if you happen to use the same password for more than one website.
It also means that you should use the situation as a reminder to think about your general password security practices. Are you using easily crackable passwords and forgetting to change them regularly? Stop it!
Create complex passwords that use letters, numbers, and symbols, and leave yourself a note to change them about once a month or so. It's an annoying chore now, but it might just save you a lot of headaches in the future.