Formspring Passwords Hacked, Posted Online
Social networking website Formspring was forced to reset the passwords of all its users on Thursday morning and send out notification emails after its network was hacked and 420,000 user passwords were posted online.
The company acknowledged the security breach via its official company blog. The company says someone breached one of its development servers and used that breach to extract user passwords from an active production database.
After the breach Formspring upgrades its encryption systems after reset user passwords to auto-generated passes.
User password hashes were posted to a security forum but did not contain usernames or other identifying information.
Formspring says its security protocols are now tighter and it is utilizing sha-256 hashing with random salts to bcrypt.
Users who log into Formspring for the first time since the breach will be asked to change their passwords. Users who take advantage of the Facebook login option can go about their business as usual.
The security breach was revealed just hours after Yahoo! Voices witnessed a similar attack.
On its blog Formspring tells users:
“We learned this morning that we had a security breach where some user passwords may have been accessed. In response to this, we have disabled all users passwords. We apologize for the inconvenience but prefer to play it safe and have asked all members to reset their passwords. Users will be prompted to change their passwords when they log back into Formspring. This is a good time to create a strong password.”
The company recommends 10 or more characters mixed with upper and lowercase letters and special characters, of course if passwords are stolen because of server and encryption issues the strength of an individual users password.