LinkedIn, eHarmony User Passwords Compromised

Hackers recently raided the LinkedIn and eHarmony Web sites and published user password information, software security researchers said this week.

A file containing 6,458,020 hashed user passwords for the professional social networking site LinkedIn was released on a Russian hacker message board earlier this week. Researchers at Sophos indicated that, by yesterday afternoon, 60 percent of the passwords had already been cracked and were presented in a plain text document online late yesterday evening.

The published password lists did not contain user names. However, LinkedIn announced that it has denied access to the affected accounts. The company sent e-mails prompting users to immediately change their passwords. Vicente Silveira, director at LinkedIn, said that the company has already taken steps to avoid a similar situation in the future.

"It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases," wrote Silveira, in a blog post.

It remained unclear why LinkedIn's recent security enhancements, as noted by Silveira, were unable to stop the breach, which Rapid7 security expert Marcus Carey told Computerworld could have happened sometime in the last week. Carey added that, based on evidence he had gathered, the hackers responsible for the breach may still have access to LinkedIn's database.

News also surfaced late yesterday evening that an undisclosed number of passwords for the online dating site eHarmony had been leaked. The company discovered this security problem after checking its own databases following the LinkedIn leak.

"After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected. We are continuing to investigate but would like to provide the following actions we are taking to protect our members," the company stated, in an announcement on its Web site.

The announcement indicated that eHarmony had taken steps similar to LinkedIn's and had reset the affected members' passwords.

What makes hacks of social networking sites so alarming is the amount of personal information users store on them, said ESET security researcher Cameron Camp.

"The difference with this hack, as opposed to many others, is that people put their real information about themselves -- their professional information -- on the site, not just what party they plan on attending, or which games they are playing, which you might see on other networks like Facebook," wrote Camp, in a blog post.

Because of the constant interaction on social networking sites, users tend to be much more honest and in-depth when sharing information, compared with other online activities. This honesty makes databases like LinkedIn and eHarmony a goldmine of useable information, Camp said.

While not all users of eHarmony and LinkedIn are affected, it's a good idea for all members to change their passwords immediately.

About the Author

Chris Paoli is the site producer for and

