Jun 7, 2012

Use eHarmony? Time to Update That Password, Too


It's that time again, folks. Time to update another password. Popular matchmaking site eHarmony announced last night that it too has suffered a breach, confirming that the passwords of a "small fraction" of its user base have been compromised.

Want to test if yours was one of them? Find out here: https://lastpass.com/eharmony. Whether or not yours made the list, though, we highly recommend you update your password. The LastPass security challenge can also help you identify duplicate or weak passwords for other accounts.

You can use LastPass to login to your eHarmony account, go to your account settings page, and update the password to a new, randomly generated one using the LastPass password generator, located in the Tools menu in the LastPass Icon. LastPass helps automate the process by filling in your old password and confirming the update to your stored eHarmony account when you've saved the new password.

The eHarmony hack was reportedly perpetrated by the same Russian hacker who uploaded 6.46 million LinkedIn stolen password hashes Wednesday, June 6. According to Ars Technica, the hacker, who uses the name "dwdm", also posted the list of compromised eHarmony accounts.

According to their blog, affected eHarmony members have had their password reset, and will receive an email with additional instructions on updating their account. Of the leaked list, we can confirm that 1,229,054 hashes were already cracked, and we predict that they'll be cracked in their entirety soon.

Given that most of the password hashes do not correspond to the standard list of "bad passwords", eg dictionary words, it's probable that the person has only released the data for the harder-to-guess passwords in a bid to have them cracked.

As we said above, no one should be taking their chances - everyone should update their passwords, and use this as an opportunity to look over all of their online accounts to ensure they are using strong, unique passwords everywhere. The LastPass security challenge will give you a good starting point, and you can then use the LastPass password generator to start better securing your online life.

The LastPass Team

4 comments:

  1. "we highly recommend you update your master password"

    master? Typo, I expect.

    ReplyDelete
    Replies
    1. Nope, eHarmony account password, it's been changed. Thanks for pointing out the error.

      Delete
  2. I'm willing to bet that at some point before using lastpass I had an account with them. to reset your password with them they ask for the zip code listed. I have no idea where I would have been living let alone the zip code there anymore. Do you guys have a contact for them that might allow account recovery/deletion?

    ReplyDelete