The company says it is continuing to look into the issue but has taken the precautionary move of resetting the passwords of accounts that could be compromised, having informed the affected users of the breach via email.
The data grab is believed to have been run by the same hacker than grabbed 6.5 million LinkedIn users’ passwords and, as Ars Technica explains, as many of 1.5 million encrypted passwords from the dating service may have been compromised.
The exact number of passwords stolen, and the potential threat, is unclear as the hacker dumped a series of encrypted passwords online without user names, before seeking help from online forums to decode them.
The hacker published some 8 million encrypted passwords. With 6.5 million said to account for LinkedIn users, the remainder — a number of which include strings relating to ‘harmony’ or ‘eharmony’ — are thought to belong to users of the dating site.
Though the information included passwords only, it is likely that the hacker has the corresponding account names so, as both LinkedIn and eHarmony advise, users of both services are recommended to change their passwords on the sites.