eHarmony Leads Weekly Breach RoundupDating Site Reveals Breach; Last.fm Warns of Password Leak
In this week's breach roundup, online dating website eHarmony had hashed passwords exposed for a "small fraction" of its users, and Last.fm warns users to reset passwords after its website was hacked.
See Also: The Global State of Online Digital Trust
eHarmony Reveals Breach
The online dating website eHarmony has warned a "small fraction" of its users of a June 6 breach that likely exposed hashed passwords associated with online accounts. According to the online technology website ArsTechnica, about 1.5 million of the unsalted hashes linked to plaintext passwords that have been cracked so far appear to belong to users of eHarmony. The site goes on to say that at least 420 of the passwords contain the strings "eharmony" or "harmony."
Last.fm Warns of Possible Password Leak
Online music-recommendation service Last.fm revealed on June 7 that it was hacked, warning of a possible password leak. "This follows recent password leaks on other sites, as well as information posted online," a blog posted by the company states. "As a precautionary measure, we're asking all our users to change their passwords immediately."
U of North Florida Database Compromised
A University of North Florida database containing information on people who submitted housing contracts could have been compromised. An FAQ page set up on the university's website explains that over 23,000 names and Social Security numbers have been affected and could have been accessed unlawfully as early as spring 2011. UNF is sending letters and e-mails to those that have been affected and is offering affected individuals a one-year membership to a credit monitoring service.
School District Breach Affects Thousands
Eugene School District 4J in Oregon is notifying families of current and former students regarding unauthorized access to a district computer workstation during the week of June 4. The files on the workstation contained information for all or most current 4J students [a school system of more than 16,000 K-12 students], including names, student ID numbers, addresses, dates of birth, and in some cases phone numbers, Social Security numbers, and/or students' free or reduced-price school lunch status, according to information posted on the district's website.
The school district said it has changed passwords, increased password security and has limited the personal student data shared in the school's meal system.
Computers Containing Patient Data Stolen
The medical office of Robert Witham, M.D., had two computers containing patient information stolen. A press release issued by the office explained the burglary occurred on April 16, and that the two computers, along with office and medical equipment as well as various personal belongings, were taken. The practice is based in Port Angeles, Wash. Personal information compromised includes names, addresses, Social Security numbers, office amount charges, ICD-9 diagnosis codes and dates of birth for patients.
When reached, Dr. Witham couldn't confirm the number of patients affected by the breach. Affected patients have been notified and will receive free credit and identity theft monitoring for one year.