BreachExchange mailing list archives
eHarmony confirms its members' passwords were posted online, too
From: security curmudgeon <jericho () attrition org>
Date: Thu, 7 Jun 2012 00:51:59 -0500 (CDT)
http://arstechnica.com/security/2012/06/eharmony-confirms-member-passwords-compromise/

eHarmony confirms its members' passwords were posted online, too
Vague post leaves unanswered questions about dump of 1.5 million passwords.
by Dan Goodin - Jun 7, 2012 3:00 am UTC

Online dating site eHarmony has confirmed that a massive list of passwords posted online included those used by its members.

"After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected," company officials said in a blog post published Wednesday evening. The company didn't say what percentage of 1.5 million of the passwords, some appearing as MD5 cryptographic hashes and others converted into plaintext, belonged to its members. The confirmation followed a report first brought by Ars that a dump of eHarmony user data preceded a separate dump of LinkedIn passwords.

eHarmony's blog also omitted any discussion of how the passwords were leaked. That's unsettling, because it means there's no way to know if the lapse that exposed member passwords has been fixed. Instead, the post repeated mostly meaningless assurances about the website's use of "robust security measures, including password hashing and data encryption, to protect our members' personal information." Oh, company engineers also protect users with "state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches."

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list