wasc-whid@lists.webappsec.org

WASC Web Hacking Incidents Database


WHID 2011-40: eHarmony Hacked

WASC Web Hacking Incidents Database
Mon, Apr 25, 2011 1:03 PM

*Entry Title:* WHID 2011-40: eHarmony Hacked
*WHID ID:* 2011-40
*Date Occurred:* February 10, 2011
*Attack Method:* SQL Injection
*Application Weakness:* Improper Input Handling
*Outcome:* Leakage of Information
*Attacked Entity Field:* Entertainment
*Attacked Entity Geography:* USA
*Incident Description:* Joseph Essas, chief technology officer at eHarmony,
said Russo found a SQL injection vulnerability in one of the third party
libraries that eHarmony has been using for content management on the
company’s advice site – advice.eharmony.com. Essas said there were no signs
that accounts at its main user site — eharmony.com — were affected.
“The SQL dump contained screen names, email addresses, and hashed passwords
for account login on the Advice site.
*Mass Attack:* No
*Reference:* http://krebsonsecurity.com/2011/02/eharmony-hacked/
*Attack Source Geography:*
