Hot on the heels of the LinkedIn passwords data swipe, the online dating website eHarmony is the latest website to confirm that "a small fraction" of member passwords have been stolen and leaked to the wild.

The passwords, like LinkedIn, are also secured using SHA1 encryption which can be broken eventually as evidenced in the latest update for the LinkedIn breach, which is already showing user accounts being used to send spam emails.

eHarmony corporate communications manager Becky Teraoka said in a statement:

After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected. We are continuing to investigate but would like to provide the following actions we are taking to protect our members...
Teraoka added that a password reset has already taken place on the affected accounts, some 1.5 million according to SlashGear, which could save a little embarrassment for those people affected.

eHarmony also advised customers to update their password to “at least 8 characters, composed of lowercase and uppercase letters, numbers and symbols.” and added not to use the same password on different sites as well as advising to update it every few months.

The company didn't say how the passwords were acquired.

Posted: Jun 07, 2012 3:20 pm

Source: http://www.neowin.net/news/eharmony-confirms-breach-around-15m-passwords-stolen