14 DAY TRIAL // The company operating the eHarmony.com online dating website has reset some account passwords after learning of a security breach on one of its systems.
According to independent security reporter Brian Krebs, the company decided to take this proactive measure after a sale offer for the site's database appeared on an underground forum.
The message also claimed that stolen emails are included in the deal and that different parts of eHarmony's infrastructure were compromised.
The company confirmed that an Argentinian hacker named Chris "Ch" Russo contacted it last year about an SQL injection vulnerability in its support website, eHarmony Advice.
Joseph Essas, eHarmony's chief technology officer told Brian Krebs that the hacker offered to help close the vulnerability and perform other security tests in exchange for money, something which he found disturbing.
Russo has been recently accused of taking a similar approach when discovering a vulnerability on another online dating site called PlentyOfFish.
The hacker denied any connection to the eHarmony database sale offer, but did not exclude the possibility that one of his associates might be involved.
Some users received an email from eHarmony notifying them that their passwords were reset as a precautionary measure and advising them to choose new ones.
In a statement posted on its website, the company stresses that the main eHarmony website has not been affected and that the eHarmony Advice database has very little in common with the main eHarmony one.
"We have taken appropriate steps to remedy the situation and have notified any potentially affected customers, who comprise an extremely small fraction of our total eHarmony.com user base (less than 0.05 percent)," the company said.
It also stressed that its network has not been compromised because it uses sophisticated security mechanisms including firewalls and encrypted communications.