The recent spate of dating site hack attacks shows no signs of letting up anytime soon.

From Krebs on Security’s eHarmony Hacked, which did a nice job covering the recent dating site hacks:

Online dating giant eHarmony has begun urging many users to change their passwords, after being alerted by KrebsOnSecurity.com to a potential security breach of customer information. The individual responsible for all the ruckus is an Argentinian hacker who recently claimed responsibility for a similar breach at competing e-dating site PlentyOfFish.com.

…(hacker) purported to have access to “different parts of the [eHarmony] infrastructure,” including a compromised database and e-mail channels. Provider was offering this information for prices ranging from $2,000 to $3,000.

Joseph Essas, chief technology officer at eHarmony, said Russo found a SQL injection vulnerability in one of the third party libraries that eHarmony has been using for content management on the company’s advice site – advice.eharmony.com. Essas said there were no signs that accounts at its main user site — eharmony.com — were affected.

Databases are a popular attack vector for hackers. eHarmony has a massive infrastructure (MapReduce, Hadoop, MySQL, etc.). Doing security audits is difficult enough, even more so on third-party software, or so I’m told.

Interesting fact: eHarmony also uses Hadoop to do real-time analysis of the effectiveness of its TV ads. They know exactly how much each commercial yields in new customers.

Another tidbit I found searching for stories about eHarmony’s infrastructure… Asked if eHarmony would ever consider taking its love-match algorithms into other match-making endeavors, Joseph Essas, vice-president of engineering and operations for eHarmony said: “We would definitely consider it. We are experimenting and playing with different businesses.” Hmm, interesting.

Final word: Every dating site out there should perform a security audit immediately. Failure to do so could result in another hack job, and that would not be good for the industry at all. This goes for top 10 sites, all of Spark Networks, White Label Dating, Dating Factory, Boonex, SkaDate and all of the other dating site platforms.