Online dating site eHarmony is advising some of its customers to change their passwords due to a security breach.
A hacker employed an SQL injection vulnerability in an ancillary site that eHarmony operates for content management. The hacker obtained a file that included user names, e-mail addresses, and "hashed passwords," eHarmony said. The breach--first reported today on the Krebs on Security blog--affected an informational site called eHarmony Advice, which includes message boards that require eHarmony user names and passwords to access.
The dating service's main site uses separate databases and Web servers, and "at no point … Read more