ITWire

Home Your IT Home IT Formspring sprung with password security breach

Formspring sprung with password security breach

Formspring sprung with password security breach Featured
Get all your tech news delivered to your mail box five days a week
iTWire UPDATE - it's FREE!


Question and answer social networking forum Formspring has reset the passwords of tens of millions of members after one of the company's development servers was hacked into and 420,000 members' passwords were posted online.

 

Formspring, established in 2009, enables members to initiate and participate in simple question and answer forum chats on a variety of topics of choice. The site boasts nearly 30 million members.

According to a company post on the official Formspring blog:

"We were notified that approximately 420k password hashes were posted to a security forum, with suspicion from a user that they could be Formspring passwords. The post did not contain usernames or any other identifying information.
"Once we were able to verify that the hashes were obtained from Formspring, we locked down our systems and began an investigation to determine the nature of the breach. We found that someone had broken into one of our development servers and was able to use that access to extract account information from a production database.

"We were able to immediately fix the hole and upgraded our hashing mechanisms from sha-256 with random salts to bcrypt to fortify security.  We take this matter very seriously and continue to review our internal security policies and practices to help ensure that this never happens again."

Formspring has sent emails to all of its members asking them to construct new passwords. However, comments to the blog post suggest that many users have still not been able to locate the email and some are confused as to what to do.

Formspring says in its blog:

"If you have not yet received an email asking you to reset your password, make sure you are checking the email account of the email you registered with on Formspring.  Also check your Spam folder.  If you still don’t see the email or no longer have access to that email address, contact our support team at https://formspringme.zendesk.com/anonymous_requests/new and they’ll take care of it."

Image courtesy of bigstockphoto

RECRUITMENT & RETENTION REPORT 2013

HIRE OR FIRE? BUY OR BUILD

2013 is well underway and Australian companies need to know whether they should invest in IT skills training or pay a premium for the people they need.

If you want to know which choices are being made in your sector, what skills are hard to find, which sectors intend to hire or fire and where the IT spend is going, this free report is must have.

GET YOUR REPORT NOW

Stan Beer

 

Stan Beer co-founded iTWire in 2005. With 25 years of experience working in Australian technology media, Beer has published articles in most of the IT publications that have mattered, including the AFR, The Australian, SMH, The Age, as well as a multitude of trade publications.

More in this category: « iPhone 5: it’s the iEconomy, stupid Kogan: back into Bing with bang after content-free URL bungle »
back to top


Services

Company

Community

Connect

http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=tf&c=19&mc=imp&pli=5460041&PluID=0&ord=[2000]&rtu=-1