Feb 102011
 

Brian Krebs writes:

Online dating giant eHarmony has begun urging many users to change their passwords, after being alerted by KrebsOnSecurity.com to a potential security breach of customer information. The individual responsible for all the ruckus is an Argentinian hacker who recently claimed responsibility for a similar breach at competing e-dating site PlentyOfFish.com.

[…]

Joseph Essas, chief technology officer at eHarmony, said Russo found a SQL injection vulnerability in one of the third party libraries that eHarmony has been using for content management on the company’s advice site – advice.eharmony.com. Essas said there were no signs that accounts at its main user site — eharmony.com — were affected.

“The SQL dump contained screen names, email addresses, and hashed passwords for account login on the Advice site.”

Read more on KrebsonSecurity.com

Sorry, the comment form is closed at this time.