Formspring servers breached, 420,000 encrypted passwords stolen

By on July 11, 2012, 3:30 PM

Formspring has joined the likes of LinkedIn, eHarmony and other sites breached recently, revealing yesterday that passwords were swiped from its servers. Following an investigation, the social service determined that an unknown intruder gained access to the company's development servers, from which they managed to lift account information off a production database, including 420,000 password hashes.

After learning about the break-in, Formspring disabled all user passwords, forcing members to go through a reset process. Although the passwords were stored as hashes rather than in plain text and no accounts have been reported as compromised, the company said it's better safe than sorry.

As is customary, Formspring offered various tips on creating a strong password and keeping your account secure, such as using 10 or more characters including things like punctuation, mixing lower and uppercase letters, and avoiding known words. Other suggestions:

  • Don't use the same passwords on other sites you visit
  • Don't share your password with anyone or write it down
  • Change your passwords every few months
  • You can change your password from the Formspring Account Settings page
  • Don't put your email address, address or phone number in your Formspring profile
  • Log out of your account after you use a shared computer
  • Keep your anti-virus software up to date
  • Report any privacy issues to Customer Support

All members should have received an email requesting a password reset, though folks who log in with Facebook are unaffected unless they previously set a Formspring password. Within a day, the company located and patched the hole in its system, in addition to upgrading its hashing mechanism from SHA-256 with random salts to bcrypt.
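The change of hashing scheme mentioned above, shown as an added example (not Formspring's code): a login check that still verifies legacy salted SHA-256 records and re-hashes them with a slow, salted KDF on the next successful login. The record format and function names are assumptions, and the standard library's scrypt stands in for bcrypt, which Python does not ship.

```python
import hashlib
import hmac
import os

# Assumed record formats (hypothetical, not Formspring's schema):
#   legacy:  "sha256$<salt hex>$<digest hex>"  one fast SHA-256 over salt + password
#   current: "scrypt$<salt hex>$<digest hex>"  memory-hard KDF standing in for bcrypt
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


def hash_legacy(password: str, salt: bytes) -> str:
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return f"sha256${salt.hex()}${digest}"


def hash_current(password: str, salt: bytes = b"") -> str:
    salt = salt or os.urandom(16)  # fresh random salt unless one is supplied
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_and_upgrade(password: str, stored: str) -> tuple:
    """Return (ok, record). After a successful login against a legacy
    record, the returned record uses the slow KDF; otherwise it is unchanged."""
    try:
        scheme, salt_hex, _ = stored.split("$")
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False, stored  # malformed record: reject instead of raising
    if scheme == "sha256":
        candidate = hash_legacy(password, salt)
    elif scheme == "scrypt":
        candidate = hash_current(password, salt)
    else:
        return False, stored  # unknown scheme: fail closed
    # Constant-time comparison of the recomputed record with the stored one.
    ok = hmac.compare_digest(candidate.encode(), stored.encode())
    if ok and scheme == "sha256":
        return True, hash_current(password)  # new scheme, new salt
    return ok, stored
```

The caller writes the returned record back to the database whenever it differs from the stored one, so legacy hashes disappear as users log in.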

User Comments: 3

m4a4 said:

Yup. Got an email today. Too bad I never use it anymore....

Guest said:

Hackers been busy then. Are they responsible for the Royal Bank of Scotland issue and now O2 issue and they just covering it up? If not, a shame, as it would make a change from the usual rubbish or taking a service down for an hour. Shame about people it's affected though, but I'm all for the banks getting hurt; all they do is screw us over. Just started watching a TV series called Continuum and I quite like the bad guys in it, Liber8, anti-corporation fanatics....where's the real life version......

HuntForTheWOrst said:

Just sad though how weak the security system was. There's people in all these organizations that are specifically given the role to patch up and fix vulnerable areas in the system and they get paid for that, and if they fail the hackers are either really good or the organization's security is really weak. Can't wonder why these people get paid when they're this bad at their job.
