The story surrounding the LinkedIn password leak has focused on the professional networking social network because a majority of the more than 6.4 million passwords stolen were for LinkedIn. However, it has been discovered that a minority of the passwords were also from the dating website eHarmony. The company confirmed the situation in a post on the eHarmony blog:
The security of our customers’ information is extremely important to us, and we do not take this situation lightly.
After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected.
eHarmony has taken steps similar to those taken by LinkedIn to remedy the situation. The company has reset the passwords to affected accounts and sent an email to those members detailing how to reactivate their accounts. eHarmony also threw out a few password security tips similar to the ones given by LinkedIn yesterday, including using long passwords with varying types of characters, changing passwords every few months, and using different passwords for each service used.
The eHarmony passwords were the same type of unencrypted hash as the LinkedIn passwords. LinkedIn announced in its response to the matter that it has recently begun encrypting the hashes their passwords are kept in. eHarmony also emphasized its security measures, but did not go into detail. From the blog post:
Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members’ personal information. We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches.
eHarmony reiterated in the post that it "deeply regret[s]" any inconvenience the ordeal has caused users.