Thursday, June 7, 2012


Looking for a way to see if your eHarmony password was among the 1.5 million compromised on Wednesday? Password management firm LastPass has rolled out a quick and easy way to see if you’re a victim of the dating site’s security breach.

LastPass, the same company that introduced a secure tool to check if your LinkedIn password was among the 6.5 million compromised yesterday, has created a similar platform at LastPass.com/eHarmony.

After you type your eHarmony password into LastPass’s tool, the service computes its SHA-1 hash and sends the result to LastPass.com. LastPass then searches the list of 1.5 million leaked eHarmony password hashes for a match.

“All that’s communicated to LastPass is the hash’s result of the one-way function performed on the password that a user enters in that box,” a LastPass spokesperson told Mashable. “So let’s say you enter ‘password1.’ You enter it and the tool performs the hashing algorithm. The hash is then sent to LastPass, and if a match is found in the database (of the 1.5 leaked hashes) on our end, we report back a message saying that your password was compromised.”

LastPass confirmed that it does not store the hashes or passwords on its servers.
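
The hash-then-lookup exchange described above, sketched as an added example (this is not LastPass's code). The function names, the request shape and the three-entry stand-in for the leaked list are assumptions made for illustration.

```python
import hashlib
import re

# Constructed sample data: a stand-in for the leaked hash list, built from
# made-up passwords. It contains nothing from the real leak.
LEAKED_SHA1 = frozenset(
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("Tr0ub4dor&3", "xK9#mQ2vLp", "correct horse battery staple")
)

SHA1_HEX = re.compile(r"[0-9a-f]{40}")


def client_digest(password: str) -> str:
    """User's side: hash locally so only the 40-character digest is sent."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def server_check(digest: str, leaked=LEAKED_SHA1) -> dict:
    """Service side: sees only the digest, answers yes/no, stores nothing."""
    digest = digest.strip().lower()
    # Reject anything that is not a SHA-1 hex digest, so a client that
    # mistakenly submits the raw password never reaches the lookup.
    if not SHA1_HEX.fullmatch(digest):
        return {"ok": False, "error": "expected 40 hex characters"}
    return {"ok": True, "compromised": digest in leaked}


def check_password(password: str) -> dict:
    """Full round trip: build the request, confirm it carries no plaintext."""
    request = {"sha1": client_digest(password)}  # entire request body
    if password in request.values():
        raise ValueError("plaintext password must not be in the request")
    return server_check(request["sha1"])


if __name__ == "__main__":
    for candidate in ("Tr0ub4dor&3", "password1"):
        print(candidate, "->", check_password(candidate))
```

An unsalted SHA-1 digest of a weak password can be reversed by lookup, so the digest itself should travel only over TLS and stay out of request logs.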

“The only difference is that with this list, we’re not seeing the standard “bad passwords” 12345, password1 and the like,” a LastPass spokesperson said. “We’re seeing harder-to-crack passwords (not dictionary based), so there’s a strong indication that this hacker leaked a portion of the list that he needed help with cracking.”


According to Ars Technica, the Russian hacker behind the security breach posted the list of compromised eHarmony accounts online. The same hacker, who uses the name “dwdm,” is also behind the LinkedIn security breach.

The hacker stole 6,458,020 encrypted LinkedIn passwords and posted them online (without usernames) to prove his feat.

“People should definitely be taking this seriously,” the LastPass spokesperson added. “If you’ve used this password anywhere else, you need to go change it everywhere else, and you need to start implementing a system to have unique passwords for each online account and a way to remember those passwords.”