There are reports that popular dating site eHarmony has been hacked, yet a post on the site's official blog proclaims "eHarmony.com NOT Hacked."
Obviously something happened, but what? And how do you know if you're affected?
According to the information pieced together by security watchdog Brian Krebs, there was in fact a security compromise, but the main eHarmony site was most likely not affected. Instead the databases of eHarmony Advice — a smaller, secondary site focused on relationship advice — were hacked.
A statement on the official eHarmony blog confirms this analysis:
Some data was obtained without authorization from an ancillary informational site we operate, eHarmony Advice, which uses completely separate databases and web servers than eHarmony.com. From one eHarmony Advice database, the hacker obtained a file that included user names, email addresses and hashed passwords. User names and passwords are needed to gain access to the message boards on the eHarmony Advice site. Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members’ personal information. We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches. As a result, at no point during this attack did the hacker successfully get inside our eHarmony network. In addition, please note that there was very little overlap between the eHarmony Advice data obtained and the data that resides within other properties. We have taken appropriate steps to remedy the situation and have notified any potentially affected customers, who comprise an extremely small fraction of our total eHarmony.com user base (less than 0.05 percent).
So what does all of this mean to you, an eHarmony user?
It means that you should go change your passwords if you've ever used eHarmony Advice — especially if you happen to use the same password for more than one website.
It also means that you should use the situation as a reminder to think about your general password security practices. Are you using easily crackable passwords and forgetting to change them regularly? Stop it!
Create complex passwords which use letters, numbers, and symbols and leave yourself a note to change them about once a month or so. It's an annoying chore now, but it might just save you a lot of headaches in the future.
Related stories:
- Online dating stats will tell you if you'll score
- Assange's OKCupid profile: You're not good enough
- Your Facebook profile could be one of 250,000 on 'dating' site
Rosa Golijan writes about tech here and there. If she wasn't obsessed with Twitter, she'd tell you to go like her on Facebook.