Online dating giant eHarmony has begun urging its users to change their passwords, after being alerted by KrebsOnSecurity.com to a potential security breach of customer information.
Chris Russo, a security researcher, and Brian Krebs, author of the KrebsOnSecurity blog, contacted eHarmony’s corporate offices to alert them to the potential exploit against the eHarmony database, where email addresses and passwords may have been compromised. However, Joseph Essas, chief technology officer at eHarmony, continues to deny it, claiming, “Despite his reports to you, we have found no evidence to suggest that Russo has successfully compromised at the network level our corporate email and eHarmony site environments.”
Essas, who believes Russo is engaging in fraudulent efforts to obtain money from the company, mentioned that “in addition to continuing to assess the situation, we are taking some proactive precautionary measures,” without specifying what those measures may be. However, on Wednesday evening, Krebs heard from an eHarmony user who said she had just received an email from the company urging her to change her password.
The two have been monitoring the vulnerabilities in eHarmony since December of last year. They were able to verify the exploit through Carder.biz, an online forum that enables cyber crooks to engage in a variety of shady transactions, where a seller using the nickname “Provider” claims to have access to “different parts of the [eHarmony] infrastructure,” including a compromised database and e-mail channels. Provider was offering this information for prices ranging from $2,000 to $3,000.
On the same Carder.biz forum, the hacker is also advertising data from other popular websites such as diversitybusiness.com, pixmania.com and eidos.com, which he or his associates may have hacked as well.