LinkedIn and eHarmony users now have more in common than desperate searches for new relationships: Stolen passwords. eHarmony, a romance-oriented dating site, said today that its users’ passwords were also posted on a Russian hacker forum along with lists of passwords for LinkedIn, a job-oriented dating site.
The confirmation came after Ars Technica reported finding eHarmony passwords in the LinkedIn password list:
Based on the plaintext passwords that have been cracked so far, they appear to belong to users of a popular dating website, possibly eHarmony. A statistically significant percentage of users regularly pick passcodes that identify the site hosting their account. At least 420 of the passwords in the smaller list contain the strings "eharmony" or "harmony."
eHarmony hasn't offered many details about the incident. A post on its blog says, “After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected.” However, Sophos’ NakedSecurity blog reports the hashes of at least 1.5 million eHarmony passwords were hacked.
Yesterday LinkedIn confirmed a hacker stole the hashed passwords of 6.46 million users. Those passwords were then posted on a Russian web forum, InsidePro, where hackers are being encouraged to help decipher the reportedly unsalted SHA-1 hashes.
That was the second security problem of the day for LinkedIn. Earlier its mobile application was found to be transmitting information from users’ calendar apps, including full meeting notes, locations, participants, passwords and dial-in phone numbers, in plain text. The mobile application problem was identified by researchers Yair Amit and Adi Sharabani of Skycure Security who announced it at a cybersecurity conference in Tel Aviv yesterday.
This is all good news for Facebook, since it has effectively diverted attention from its ever-shrinking stock price. In case you are unaware, Facebook stock closed yesterday at 26.81, down 30 percent from its opening price.