The first reports of eHarmony.com being hacked came out in 2011 and supposedly only a portion of the users was hacked. It’s ridiculous how wrong these “security researchers” and journalist can be. The truth is this database was actually hacked in June of 2010 and finally came to the public/underground market of Carder.biz in 2011. I came across this database from a user on the now defunct forum DigitalGangster.com. I didn’t know the guy, but I boasted about my mailing operation and told him we could make a ton of money off this data. He ended up sending me the entire database of 20+ million usernames, emails, and MD5 hashes. To be honest, I blocked the guy as soon as I received the SQL file and never heard from him again. Back then I only knew of 4 people that had this database and I knew it would be a race to hit it first.
I knew if I did everything right I would easily make a million dollars of this database. There was a problem though, all of these passwords were encrypted in MD5. Now for those who don’t know what MD5 is, it’s the most basic encryption and looks like this.
Since I didn’t have the computing power to crack these hashes, I went ahead and used the Chinese operated service cmd5.org. They gave me a great deal and solved most of the hashes easily. The encryption was actually the users password in UPPERCASE and hashed using MD5. So after all the hashes were decrypted, I just had to convert them to lowercase. The fun was about to begin.