Privacy Alert: eHarmony Advice Site Hacked

By Katie Kindelan

If you have been trolling the Web for a love match in the rush to Valentine’s Day, you may want to pay attention to this headline splashed across tech blogs: Has the dating site eHarmony been hacked? And the answer is, well, it depends on exactly which eHarmony you mean.

Rumors of an attack on the popular dating site first surfaced after a blog posting from tech reporter Brian Krebs revealed a security vulnerability in a third-party library used by eHarmony for content management, potentially endangering user information.

Quick to do damage control to protect its flagship site, eHarmony reassured its members that it was not the eHarmony dating site that had been attacked, but a sister site called eHarmony Advice.

The hacker did gain access to user names, email addresses and passwords for those using eHarmony Advice message boards, however, according to an official statement from the site:

“Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members’ personal information. We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches. As a result, at no point during this attack did the hacker successfully get inside our eHarmony network.”

Beneath the blaring headline, “ NOT Hacked,” the company further clarified:

“In addition, please note that there was very little overlap between the eHarmony Advice data obtained and the data that resides within other properties. We have taken appropriate steps to remedy the situation and have notified any potentially affected customers, who comprise an extremely small fraction of our total user base (less than 0.05 percent).”

Krebs reportedly learned of the potential security problems with eHarmony through an Argentinean hacker named Chris Russo. Krebs’ further reporting discovered an online forum offering “access to ‘different parts of the [eHarmony] infrastructure,’” for $2,000 to $3,000. Russo eventually admitted to Krebs it was possible that an associate of his put the eHarmony data online.

eHarmony is said to have already contacted and advised the “small number of users” affected to change their login credentials as a precaution.