Social site Formspring hacked, passwords disabled

Jul 11, 2012

(AP) — Social networking site Formspring said Tuesday that it was disabling nearly 30 million registered users' passwords after hundreds of thousands of them were leaked to the Web in their encrypted form.

Formspring said in a blog post that the breach happened after someone hacked into one of the San Francisco-based company's servers.

Spokeswoman Dorothee Fisher said Wednesday the company was alerted Monday that some 420,000 encrypted passwords had showed up on a security forum whose identity she refused to disclose because she did not want to draw attention to it.

Encrypted passwords aren't immediately useable, although they can sometimes be decoded by a savvy attacker.

Fisher said there was no evidence that any accounts had been tampered with.

Formspring founder Ade Olonoh said in a blog post that his company had fixed the vulnerability and upgraded its encryption, adding that the company wanted to "play it safe" and had asked all users to reset their passwords.

"We take this matter very seriously and continue to review our internal security policies and practices to help ensure that this never happens again," he said.

Formspring launched in 2009 as a crowd-powered question-and-answer site. Last month, the company announced a major revamp intended to shift the site's focus toward users' interests.

Explore further: Twitter blocks two accounts on its Turkish network

5 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

Password breach spreads beyond LinkedIn

Jun 07, 2012

More websites admitted security breaches Thursday after LinkedIn said some of its members' passwords were stolen, and experts warned of email scams targeting users of the social network. ...

Company says YouPorn chat service compromised

Feb 22, 2012

(AP) -- Users of a chat service linked to the heavily-trafficked YouPorn website have had their personal information compromised after a third-party service provider failed to secure its data, YouPorn's owners said Wednesday.

Hacker claims porn site users compromised

Feb 13, 2012

A hacker claims to have compromised the personal information of more than 350,000 users after breaking into a disused website operated by pornography provider Brazzers.

Online passwords are insecure: study

Apr 03, 2012

Online passwords are so insecure that one per cent can be cracked within 10 guesses, according to the largest ever sample analysis.

Recommended for you

LinkedIn membership hits 300 million

Apr 18, 2014

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

Apr 18, 2014

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

White House updating online privacy policy

Apr 18, 2014

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

custard
not rated yet Jul 11, 2012
I suspect the "encryption" was hashing and the "upgrade" was MD5 to SHA2. And they don't salt their hashes.

Maybe people should start suing web sites that do this.

More news stories

Growing app industry has developers racing to keep up

Smartphone application developers say they are challenged by the glut of apps as well as the need to update their software to keep up with evolving phone technology, making creative pricing strategies essential to finding ...

Making graphene in your kitchen

Graphene has been touted as a wonder material—the world's thinnest substance, but super-strong. Now scientists say it is so easy to make you could produce some in your kitchen.