eHarmony security compromised

For those of you feeling safe and secure in your own little world, convinced that no one would bother hacking a dating site after going after one of the largest business-related social networking sites, think again: eHarmony has announced they’ve fallen victim to the same hacker or hackers that compromised the security of LinkedIn and posted th results on a Russian internet forum.

It was confirmed earlier this week that there was a breach of the online dating site. A ‘small fraction’ of the dating site’s users has been affected, according to eHarmony corporate communications representative, Becky Teraoka, but the number of users that might have been put at risk was not specified – though the website did confirm it had reset the passwords of anyone whose security had been breached.

Truth be told, the hackers didn’t break in and abscond with a bundle of raw passwords but a number of ‘hashes,’ which are versions of the passwords that have been encrypted with a computer algorithm.  However, the passwords can be uncovered with decoding software available to anyone for free, with the only thing standing in between a Russian hacker reading your online dating profile the relative length of your password, as longer ones take more time to crack.

Around 1.5 million of these password hashes were compromised, as they were posted on InsidePro, a password-cracking website hosted in Russia.  The same website is also allegedly responsible for the LinkedIn security breach where anywhere between 5.8 million and 6.5 million hashes were purloined and posted, though business networking site has also announced it was changing passwords and informing its members.

Online passport allows us to verify trusted faces

For weeks we have been vociferous about mobile applications, such as the tru.ly app, which verifies members’ online dating profiles against government records; but, up until now, such confirmation has only been available in certain states in the US. It has been hoped that dating sites follow example of their less static counterparts by incorporating this technique in their own web pages.

Now, a similar option has availed itself to UK dating sites, with the launch of Trusted Faces, which is heading up its marketing campaign with the slogan ‘Online people you can trust’. I can almost hear the millions of UK dating site members cheering a hearty ‘About time!’, right now.

how the online passport works

The new ‘online passport’ will not only benefit dating and matchmaking sites the length and breadth of the UK; it’s further attraction reaches out to online business entrepreneurs, backing up financial and account activity without the hassle of verifying identity through third parties that customers are who they say they are.

Using secure centric online technology verified with a face-to-face UK Post Office® check, each registered user gets their unique online certificate number. This can then be verified on the Trusted Faces site – the photo on the dating site profile should match the online passport photo which you check via a ‘ticket’ which your online dating site member will issue you with.

As well as the photographs matching, the passport also includes contact information, such as e-mail address, e-bay registered user information and profiles such as facebook and twitter.

Once an individual has created their profile, they have the option to add it to Trusted Faces Who’s Who Directory where you can verify those e-mail addresses, e-bay stores, etc., to confirm that they are owned by the passport-holder, as they claim.

how will this help online dating members?

Alongside the many business uses for online passport verification, this can only push dating sites credibility even higher. The last barricade to many potential singles, who have previously foregone the opportunity to search for love online due to security issues can potentially now be eliminated, opening the floodgates for many more users to join the growing phenomenon that is online dating.

The benefits for dating site users are instant. If a member wishes to search for partners only by those who are verified, a safe area can be created to facilitate that requirement. If ever dating sites needed to create membership to attract more users, this has to be the way forward; even those using assumed names can now verify themselves.

Singles sites sign-ups sold out

Where did they get my details?

Have you ever wondered where dating sites who you’ve never approached, to the best of your knowledge, get your contact details from? Whether it’s a spam (unsolicited) e-mail, text or phone call, they have got your information from somewhere.

What is worse for the unsuspecting individual, if it is an uninvited adult dating site that gets in touch, is that it is not necessarily another matchmaking service that has forwarded your data. If you are in a relationship and you are unfortunate enough to have your partner check your inbox, you may have trouble explaining away a proposal for a date from someone looking for love in your area.

There are several ways the unrequited dating site may have come by your information. If you have signed up for a free dating site, there is a better than average chance that one of the ways they raise capital is by selling their clients’ information to anyone willing to pay for it.

With the amount of start-up dating sites looking for a route to market, there is a requirement for buying redundant or aged dating site databases. Not only is it a mailing list for the new online personals site, but also provides ready-made profiles; to anyone looking from the outside in, the dating site may seem well-populated. However, there is no guarantee that the members are current, or that they’ve ever heard of this new matchmaking site, of which they’re supposed to be a member.

And it doesn’t matter how long it has been since you joined the original online dating site – companies who operate mailing lists, unless there is a clause in sign-up, will never delete your name from their records until you unsubscribe.

There are also sites, particularly towards Eastern Europe and beyond, where affiliate sites are swiftly taking over the market. One central dating web-site exists, the head of the franchise, if you like, from where those in the chain below receive their programs. Once a sub-domain is created, one of two things happen, equally as cheap:

  1. The affiliate site either gets a duplicate copy of the members signed up to the main site (these are the seeds) and, as new members join, the old members are unwittingly plucked (like weeds) once established.
  2. The other way, even cheaper, is that the afilliate site simply has links to profiles on the main singles site.
    • Either way, members are unaware that they are living a double virtual existence, unless they come across themselves on the dummy website, that is.

Closer to home, technology is extensively assisting advertisers who have split their marketing costs; ‘like’ companies, who may only be as alike as in ‘they are a business’, increase their (in)visibility by sharing an adspace – you click on one ad, multiple companies behind the banner get your information.

If you are a victim of unsolicited e-mail, sent from a new dating site’s list, there will be an option to ‘unsubscribe’ at the bottom of each e-mail you didn’t ask for (it may be well hidden!). Any company using a mailing list will employ an auto-responder to send their mail automatically for them.

If a single entity is repeatedly reported for sending spam (junk) e-mail, their service will be terminated.  Hit this to remove your name.  If the company persistin sending you mail, do mark the correspondence as spam.

True, it’s only a small step, but at least one in the right direction to getting your online identity back.

Dating sites, chat-rooms and web-scams

One of the shackles that the online dating industry has worked so hard to free itself of, like the proverbial bad penny, just will not go away. It was recently reported that in one year alone US citizens lost more than half a billion dollars to scams on the internet, a percentage of which was accredited to credit card and bank account information being entered into rogue singles websites.

It is hardly surprising – many outfits behind these scams are extremely proficient at what they do and, if unchecked, they can replicate a internet-based dating site to such an extent a casual user may hardly notice an appreciable difference.

There are signs that should start ringing alarm bells, which you can learn to look out for if ever your suspicions are aroused by a dubious-looking dating website.

First and foremost, you need to re-think how you arived at the site. It is doubtful (although not impossible) that such a site will have invested in the resource to obtain a high page-ranking, especially in a niche as competitive as online dating. You will more likely have clicked through a banner ad or from connected via a spam e-mail, to which you did not subscribe.

We shouldn’t, but we can often get distracted whilst browsing. If your suspicions are aroused once you land on a personals site, double-check the name in the browser-bar. If you are sent to a payment site to register your membership with a new dating service, ensure that the checkout name reads correctly, for example PayPal and not ‘PayPol’ – it is these subtle diferences that can unwittingly trip up an infrequent visitor to the genuine site.

If the website is kosher, all aspects of its diction will be grammatically correct. Many of the scam payment sites have origins in Africa or the Middle/Far East (although not by any means all of them); poor grammar, punctuation or inappropriate wording is a sure sign that you need to investigate the URL (website name) a little further.

You can check out the website in more detail in many ways.

Most serious dating sites only affiliate themselves with payment companies that offer secure checkout facilities, hence their URL will begin with https, not just http. You can also check this by setting your firewall more securely; if you access the site thus, you will be warned about insecure certificates or if the site has been reported by other users.

There are many more tips issued by the fbi, regarding internet fraud, here. Be safe – do not contribute to these scammers who give the world of online dating such a bad name.