The online dating site eHarmony announced Wednesday that passwords for some of its members have been leaked, making it the second major social network site to announce the theft of user passwords in the last 24 hours.
According to an entry posted on the eHarmony Blog, the company reset the affected users’ passwords and promised it would send users an email instructing them on how to create new passwords. Much like LinkedIn did yesterday; eHarmony provided its users with tips for creating robust and secure new passwords.
In the blog post, eHarmony says its users’ passwords were hashed and that the company’s networks were fortified with firewalls and load balancers along with SSL encryption.
The dating site claims to have over 20 million registered online users, an ArsTechnica post yesterday estimates that only a fraction of those users, roughly 1.5 million, had their passwords implicated in the leak.
Last.fm, a music website that allows users to listen to personalized radio stations and share their listening history also announced Thursday it was looking into a leak of its users’ passwords. In a post to its website, the CBS subsidiary encouraged all of its users to change their password as a precautionary measure.
Last.fm didn’t specify whether its users’ passwords were hashed and salted or how many of its users might be implicated by the potential leak. The company didn’t immediately reply to requests for comment on Thursday.
The two leaks follow LinkedIn’s announcement yesterday that some of its users’ passwords were compromised. Reports claim a cache of over six million users’ hashed, unsalted passwords found its way onto a Russian forum earlier this week. The companies have yet to explain how its users’ information was breached. It claims that going forward that all passwords will be hashed and salted.
