42,000 Formspring Passwords Leaked After Server Hack

Social question-and-answer site Formspring is the latest website to be hit by a password hack.

A Tuesday security breach led to about 420,000 passwords being accessed and posted to a security forum, Formspring CEO Ade Olonoh wrote in a blog entry. In response, the site disabled all user passwords.

"We apologize for the inconvenience but prefer to play it safe," Olonoh wrote.

Formspring members initially learned about the disabling of passwords "for security reasons" in an email from the company, but no further information was released to members.

Upon logging into Formspring, all users will be prompted to change their passwords, preferably to something long and complex, Olonoh said. Usernames and other identifying information were not posted with the passwords, but Formspring found that someone had broken into one of its development servers and stolen data from a production database.

Formspring fixed the hole, and in the process upgraded its hashing mechanisms to fortify security, Olonoh said. The company will continue to review internal security policies and practices, "to help ensure that this never happens again," the CEO said.

The announcement comes several weeks after LinkedIn, Last.fm, and eHarmony all confirmed password breaches. Online dating site eHarmony reported 1.5 million passwords stolen; far fewer than networking site LinkedIn's leaked 6 million passwords. Last.fm topped the bunch, with 6.5 million passwords exposed, according to the music site.

San Francisco-based startup Formspring launched in 2009, and raised $11.5 million last year to help service its more than 20 million global users. Last month, Formspring revamped its website, with new features, like tagging questions and responses for search purposes, as well as the ability to track tags and people.

Source:pcmag