Credential theft

eHarmony Password Breach — 1.5 Million Unsalted MD5 Hashes Leaked

📅 2012-05-01
Primary Source ↗

Incident Details

On June 6, 2012, eHarmony confirmed that a subset of its member passwords had been compromised and posted to an online password cracking forum. Approximately 1.5 million password hashes were published. eHarmony stored passwords as unsalted MD5 hashes, which allowed crackers to recover a large proportion of the plaintext passwords quickly. The disclosure came just days after LinkedIn disclosed a similar breach (117 million unsalted SHA-1 hashes leaked on June 6, 2012), and both incidents occurred during a wave of credential database thefts in mid-2012.

eHarmony immediately invalidated passwords for affected accounts and required those users to reset their passwords via email. The company did not disclose the full scope of the breach or how attackers gained access to its database.

The eHarmony breach is notable because the site's user base consists of people seeking romantic relationships, which makes exposed accounts particularly sensitive: users could face embarrassment, blackmail, or targeted phishing attacks that exploit the knowledge of their use of a dating site. The simultaneous disclosure of the eHarmony and LinkedIn breaches in June 2012, combined with the Last.fm breach disclosed the same week, catalyzed industry-wide discussion about password storage practices and accelerated adoption of bcrypt, scrypt, and PBKDF2 as replacements for MD5 and SHA-1 for password hashing.

Technical Details

Initial Attack Vector
Database breach — attackers gained unauthorized access to eHarmony's member database and extracted hashed passwords. eHarmony stored passwords as unsalted MD5 hashes, making them highly susceptible to rainbow table and brute-force cracking: with no per-user salt, each hash depends only on the password itself, so a single precomputed table applies to every one of the 1.5 million entries, and any two users who chose the same password have identical hashes.

Timeline

  1. 2012-05-01 Breach occurred
  2. 2012-06-06 Publicly disclosed
  3. 2012-06-06 Customers notified