Formspring, established in 2009, enables members to initiate and participate in simple question and answer forum chats on a variety of topics of choice. The site boasts nearly 30 million members.
According to a company post on the official Formspring blog:
"We were notified that approximately 420k password hashes were posted to a security forum, with suspicion from a user that they could be Formspring passwords. The post did not contain usernames or any other identifying information.
"We were able to immediately fix the hole and upgraded our hashing mechanisms from sha-256 with random salts to bcrypt to fortify security. We take this matter very seriously and continue to review our internal security policies and practices to help ensure that this never happens again."
Formspring has sent emails to all of its members asking them to construct new passwords. However, comments to the blog post suggest that many users have still not been able to locate the email and some are confused as to what to do.
Formspring says in its blog:
"If you have not yet received an email asking you to reset your password, make sure you are checking the email account of the email you registered with on Formspring. Also check your Spam folder. If you still don’t see the email or no longer have access to that email address, contact our support team at https://formspringme.zendesk.com/anonymous_requests/new and they’ll take care of it."
Image courtesy of bigstockphoto