eHarmony Hacked

Brian Krebs writes:

Online dating giant eHarmony has begun urging many users to change their passwords, after being alerted by KrebsOnSecurity.com to a potential security breach of customer information. The individual responsible for all the ruckus is an Argentinian hacker who recently claimed responsibility for a similar breach at competing e-dating site PlentyOfFish.com.

[…]

Joseph Essas, chief technology officer at eHarmony, said Russo found a SQL injection vulnerability in one of the third party libraries that eHarmony has been using for content management on the company’s advice site – advice.eharmony.com. Essas said there were no signs that accounts at its main user site — eharmony.com — were affected.

“The SQL dump contained screen names, email addresses, and hashed passwords for account login on the Advice site.”

Read more on KrebsonSecurity.com

About the author: Dissent