eHarmony was hacked, confirmed by eHarmony on 6/6/2012

eHarmony has updated their blog confirming that passwords for a portion of their user base have been compromised.
If you have a eHarmony account, we strongly suggest that you immediately:


  1. Change your eHarmony password
  2. Check if you have re-used your eHarmony password on any other websites and if so, change those passwords too.
    The LastPass security challenge can assist you in doing so.

Was *My* eHarmony Password Hacked?

If you would like to find out if your eHarmony password was one of the 1.5 million that were leaked, you can use the below tool:

Sorry JavaScript is required to use this tool



Wait a Minute, Why Is This Tool Safe?

You already changed your password right? You no longer use that old password anywhere else right? If not please make sure you do that first. The above tool asks you to enter your eHarmony password, and then computes its MD5 hash and sends the result to LastPass.com to search the list of 1.5 million leaked password hashes. A hash is a mathematical function that is simple to perform in one direction, but very difficult to reverse. Meaning, the tool will convert your password into a series of characters in such a way that it will be very difficult to re-construct your original password.

Only the hash of your password will be sent to LastPass.com's servers, not your actual password. This hash will not be stored or logged at all. Please view source the page if you're technically inclined.

Note that if you used a simple password, such as one based on dictionary words, then it might be possible to reconstruct your original password. This is what all of the concern is about: the hashes of simple passwords can be easily reconstructed to reveal the original actual password. The eHarmony hashes seem to lack the typical dictionary based passwords, we think it's likely that the people responsible for the release only released the more difficult hashes. You should assume that your password was compromised and make sure you're not using it anywhere else.

I just want to see how it works...

We encourage you to see just how bad the leaked passwords are. For inspiration: Speedate or testdate. It appears that eHarmony was uppercasing all passwords before hashing so we're doing that too.

So what should I do now?

After you've updated your eHarmony password, start better managing your online life with LastPass. LastPass will help you store all of your usernames and passwords in one secure, central location. You can update old passwords with randomly generated ones, and let LastPass do the work of remembering them and filling them for you. You can download the LastPass addon here.

Do you also have a LinkedIn account?

LinkedIn was also recently compromised. See if your LinkedIn password was compromised. So was Last.fm. See if your Last.fm account was leaked.