Dating site eHarmony has confirmed that a "small fraction" of its user base have had their passwords compromised, but has offered no clues as to how the leak occurred.
In a blog post, Becky Teraoka, the site's corporate communications manager, said the firm has reset affected users' passwords and reiterated its commitment to internet security.
According to reports, the password hashes of around 1.5 million of the site's members are thought to have been published online for hackers to try and crack.
"Please be assured that eHarmony uses robust security measures, including password hashing and data encryption, to protect our members' personal information," she said.
"We also protect our networks with state-of-the-art firewalls, load balancers, SSL and other sophisticated security approaches.
"We deeply regret any inconvenience this causes any of our users," she concluded.
Graham Cluley, senior technology consultant at security vendor Sophos, told readers of his blog that he was disappointed by the post-leak guidance eHarmony has given its users.
"What really disappoints me is that eHarmony misse[d] an opportunity to tell its users explicitly that if they use the same password on other websites they must change their passwords there also," he wrote.
"As we've said many times, you shouldn't use the same password on multiple websites. Doing so is a recipe for disaster - because if you get hacked in one place, all of your other online accounts at other sites which use the same password could fall shortly afterwards," he concluded.
RSAC Conference 2025: The front line of cyber innovation
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job losses
