Just in time for Valentine’s Day, the popular online dating site eHarmony announced that it’s been hacked. A number of usernames, e-mail addresses and passwords were stolen, according to a company press release.
The breach occurred on eHarmony Advice, a dating advice site that is walled off from the rest of the eHarmony website and that “uses completely separate databases and web servers than eHarmony.com,” according to the release.
The hacker may have been working at this for several months. Brian Krebs, a former Washington Post reporter who now runs the blog Krebs on Security.com, writes that in December an Argentine man named Chris Russo claimed he had found vulnerabilities in eHarmony’s network that allowed him to see the passwords and other information of tens of thousands of the website’s users. Krebs says he passed the information on to eHarmony, but got no response.
Then, Krebs got a tip that eHarmony had been hacked. He checked out various sites where hackers try to sell stolen information, and found that someone using the name “Provider” was selling access to different parts of eHarmony’s website for between $2,000 and $3,000.
Krebs called Russo, who said he wasn’t responsible, but maybe one of his “associates” was.
Less than .05% of eHarmony’s users were possibly affected by the breach, according to the press release. The company is sending e-mails alerting those people to the problem and urging them to change their account passwords.
[Featured product: Concerned about ID theft? Shop for ID theft protection products on Credit.com.]
Image: David Goehring, via Flickr.com
Business Insider Emails & Alerts
Site highlights each day to your inbox.