Social site Formspring hacked, passwords disabled

July 11, 2012

(AP) — Social networking site Formspring said Tuesday that it was disabling nearly 30 million registered users' passwords after hundreds of thousands of them were leaked to the Web in their encrypted form.

Formspring said in a blog post that the breach happened after someone hacked into one of the San Francisco-based company's servers.

Spokeswoman Dorothee Fisher said Wednesday the company was alerted Monday that some 420,000 encrypted passwords had showed up on a security forum whose identity she refused to disclose because she did not want to draw attention to it.

Encrypted passwords aren't immediately useable, although they can sometimes be decoded by a savvy attacker.

Fisher said there was no evidence that any accounts had been tampered with.

Formspring founder Ade Olonoh said in a blog post that his company had fixed the vulnerability and upgraded its encryption, adding that the company wanted to "play it safe" and had asked all users to reset their passwords.

"We take this matter very seriously and continue to review our internal security policies and practices to help ensure that this never happens again," he said.

Formspring launched in 2009 as a crowd-powered question-and-answer site. Last month, the company announced a major revamp intended to shift the site's focus toward users' interests.

Explore further: Passwords for Brazilian jobless site insult users

0 shares

Related Stories

Hacker claims porn site users compromised

February 13, 2012

A hacker claims to have compromised the personal information of more than 350,000 users after breaking into a disused website operated by pornography provider Brazzers.

Company says YouPorn chat service compromised

February 22, 2012

(AP) -- Users of a chat service linked to the heavily-trafficked YouPorn website have had their personal information compromised after a third-party service provider failed to secure its data, YouPorn's owners said Wednesday.

Password breach spreads beyond LinkedIn

June 7, 2012

More websites admitted security breaches Thursday after LinkedIn said some of its members' passwords were stolen, and experts warned of email scams targeting users of the social network.

Recommended for you

Smart home heating and cooling

August 28, 2015

Smart temperature-control devices—such as thermostats that learn and adjust to pre-programmed temperatures—are poised to increase comfort and save energy in homes.

Smallest 3-D camera offers brain surgery innovation

August 28, 2015

To operate on the brain, doctors need to see fine details on a small scale. A tiny camera that could produce 3-D images from inside the brain would help surgeons see more intricacies of the tissue they are handling and lead ...

Team creates functional ultrathin solar cells

August 27, 2015

(Phys.org)—A team of researchers with Johannes Kepler University Linz in Austria has developed an ultrathin solar cell for use in lightweight and flexible applications. In their paper published in the journal Nature Materials, ...

Interactive tool lifts veil on the cost of nuclear energy

August 24, 2015

Despite the ever-changing landscape of energy economics, subject to the influence of new technologies and geopolitics, a new tool promises to root discussions about the cost of nuclear energy in hard evidence rather than ...

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

custard
not rated yet Jul 11, 2012
I suspect the "encryption" was hashing and the "upgrade" was MD5 to SHA2. And they don't salt their hashes.

Maybe people should start suing web sites that do this.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.