eHarmony admits to leaking 1.5 million passwords
Dating site eHarmony has admitted that its password database has been compromised, with around 1.5 million hashed passwords being found in the wild. The leaked database that appeared in public contained unsalted MD5 hashed passwords and was reported to not contain any identifying usernames or email addresses.
According to reports, the password hashes were posted to a forum where a user asked for help in cracking the hashes. This help was collectively given by the forum members who were then reportedly given the LinkedIn hashed passwords to work on. It is possible that the person who provided the uncracked password list has a copy of the passwords complete with identifying information.
eHarmony described the 1.5 million passwords as a "small fraction" of its user base. As with LinkedIn's admission, eHarmony gave no details of how the passwords were leaked and says it is continuing to investigate what happened. Unlike LinkedIn, it gave no assurances that it had or will be updating the way it stores passwords.