eHarmony, LinkedIn Hacked: Millions of Passwords Leaked in Breach
Millions of web users' passwords are being reset after two popular websites were hit by hackers in a security breach, Reuters reports.
LinkedIn, a professional social-networking site, warned its 161 million users of the hacker attack Wednesday. eHarmony, an online dating site with more than 20 million users, announced it had also been hacked, apparently by the same person or group.
As many as 8 million passwords may have been compromised, according to Ars Technica. The encrypted passwords were posted on underground hacker forums with a request to help unscramble them. It's not clear if LinkedIn and eHarmony were the only sites attacked, Reuters reports.
Once a hacker obtains a user's password, the hacker could collect personal information from users' accounts. That could possibly set the stage for extortion, in which a hacker requests money in exchange for keeping secret a user's private information, one e-security researcher told Reuters.
"When somebody has the keys to your business and personal kingdom, that gives them all sorts of powerful information," the researcher said. "They might be able to use it for years."
Other security experts blamed poor data-protection policies for allowing the alleged hacker attacks. For example, LinkedIn's method of encrypting passwords allows a hacker to unscramble all passwords once they've figured out the encryption formula, experts told Reuters.
But the company appears to have recently implemented new password-protection methods, according to one LinkedIn engineer's blog post.
- eHarmony suffers password breach on heels of LinkedIn (CBS News)
- How can I protect my password(s)? (FindLaw)
- Woman Wins $900K in eHarmony Herpes Lawsuit (FindLaw's Injured)
- Companies Going After Ex-Employees' LinkedIn, Twitter Accounts (FindLaw's In House)