Sign up for a new account or log in here:
Formspring has joined the likes of LinkedIn, Last.fm, eHarmony and other sites breached recently, revealing yesterday that passwords were swiped from its servers. Following an investigation, the social service determined that an unknown intruder gained access to the company's development servers, from which they managed to lift account information off a production database, including 420,000 password hashes.
After learning about the break in, Formspring disabled all user passwords, forcing members to go through a reset process. Although the passwords were encrypted and no accounts have been reported as compromised, the company said it's better safe than sorry.
As is customary, Formspring offered various tips on creating a strong password and keeping your account secure, such as using 10 or more characters including things like punctuation, mixing lower and uppercase letters, and avoiding known words. Other suggestions:
All members should have received an email requesting a password reset, though folks who login with Facebook are unaffected unless they previously set a Formspring password. Within a day, the company located and patched the hole in its system, in addition to upgrading its hashing mechanisms from sha-256 with random salts to bcrypt.
Get free exclusive content, learn about new features and breaking tech news.