
eHarmony dating site got hacked into, passwords stolen


February 11, 2011

Online dating site eHarmony is asking its users to change their passwords following the discovery of a security breach on its servers.

An SQL injection security vulnerability on a secondary site created a means for screen names, email addresses and hashed passwords to be extracted from the two sites, said the senior management at

The site's managers are advising a number of users to change their login credentials as a precaution, while maintaining that there has been no breach on its main site and that the security issues affected only a small percentage of its members who used its advice site, as per this statement:

"Some data was obtained without authorization from an ancillary informational site we operate outside of our network, eHarmony Advice, which uses completely separate databases and web servers than From one eHarmony Advice master database, the hacker was successful in obtaining a file that included full user names, email addresses and passwords. User names and passwords are needed to gain access to the message boards on the eHarmony Advice site."

"Please be assured that eHarmony uses robust Internet security measures, including password hashing and full data encryption, to protect our members’ personal information. We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches. As a result, at no point during this attack did the hacker successfully get inside our eHarmony network."

"In addition, please note that there was very little overlap between the eHarmony Advice data obtained and the data that resides within our other Web properties. We have taken swift and appropriate steps to remedy the situation and have notified any potentially affected customers, who comprise an extremely small fraction of our total user base. We deeply regret any inconvenience this causes any of our users."

Possible Internet security issues involving the eHarmony network were discovered some weeks ago by the same Argentinian hacker, Chris Russo, who got into an argument with rival dating site over the disclosure of similar security holes on that site last week.

Brian Krebs found that someone using the moniker ‘Provider’ was offering to sell what purported to be a copy of eHarmony’s compromised database for between US $2,000 and US $3,000 via underground carding forums. Krebs suspects Provider is either Russo or a business associate of Russo.

Both eHarmony’s chief technology officer Joseph Essas and chief exec Markus Frind accuse Russo of running a fraudulent shakedown, reporting problems with the sites and then offering to fix them in return for a consultancy fee.

Essas blamed third-party libraries that eHarmony used for content management on its advice site for the breach. Aziz Maakaroun, business development director at vulnerability management specialist Outpost 24, said the news of the breach, days before Valentine's Day, could hardly come at a worse time for eHarmony.

“In the run up to Valentine’s Day, the timing of this purported breach could be fairly disastrous for dating websites, especially eHarmony," Maakaroun said. "For any existing customer, being told that your details have potentially been hacked is hardly an aphrodisiac."

Maakaroun added that the use of Internet application scanning tools and, more specifically, port scanners can easily help identify and correct the most common types of security vulnerabilities eHarmony suffered from in this attack.
