LinkedIn, eHarmony User Passwords Compromised

Hackers recently raided the LinkedIn and eHarmony Web sites and published user password information, software security researchers said this week.

A file containing 6,458,020 hashed user passwords for the professional social networking site LinkedIn was released on a Russian hacker message board earlier this week. Researchers at Sophos indicated that, by yesterday afternoon, 60 percent of the passwords had already been cracked and were presented in a plain text document online late yesterday evening.

The published password lists did not contain user names. However, LinkedIn announced that it has denied access to accounts affected. The company sent e-mails prompting users to immediately change their passwords. Vicente Silveira, director at LinkedIn, said that the company has already taken steps to avoid a similar situation like this one in the future. 

"It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases," wrote Silveira, in a blog post.

It remained unclear why LinkedIn's recent security enhancements, as noted by Silveira, were unable to stop the breach, which Rapid7 security expert Marcus Carey told Computerworld could have happened sometime in the last week. Carey added that, based on evidence he had gathered, the hackers responsible for the breach may still have access to LinkedIn's database.

News also surfaced late yesterday evening that an undisclosed amount of passwords for the online dating site eHarmony were leaked. The company discovered this security problem after checking its own databases following the LinkedIn leak.

"After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected. We are continuing to investigate but would like to provide the following actions we are taking to protect our members," the company stated, in an announcement on its Web site.

The announcement indicated that eHarmony had taken similar steps as LinkedIn and has reset the affected members' passwords.

What makes hacks of social networking sites so alarming is the amount of personal information users store on them, said ESET security researcher Cameron Camp.

"The difference with this hack, as opposed to many others, is that people put their real information about themselves -- their professional information -- on the site, not just what party they plan on attending, or which games they are playing, which you might see on other networks like Facebook," wrote Camp, in a blog post.

Because of the constant interaction on social networking sites, users tend to be much more honest and in-depth when sharing information, compared with other online activities. This honesty makes databases like LinkedIn and eHarmony a goldmine of useable information, Camp said.

While not all users of eHarmony and LinkedIn are affected, it's a good idea for all members to change their passwords immediately.

About the Author

Chris Paoli is the site producer for and


  • Microsoft Shifting Away from Office 365 Brand Name in April

    Microsoft on Monday announced coming product naming changes, where "Office 365" is mostly getting replaced by the "Microsoft 365" brand.

  • Microsoft Grows Services Amid COVID-19

    Microsoft in a Saturday announcement recapped how its services have been affected by "shelter-in-place" governmental mandates in the last week, providing details on growth stats and prioritizations.

  • Microsoft Adds 6 More Months to Expiring Certification Programs

    Microsoft has announced an extension to the end date of three certification programs slated for retirement.

  • Microsoft's Surface Pro X: It's Like the Surface RT, But Better

    There's a lot about the Surface Pro X that's reminiscent of the ill-fated Surface RT. But despite the similarities, this might just be one of the rare cases where the sequel is better than the original.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.