Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Formspring Hacked – 420,000 Passwords Leaked

Formspring, the Social Q&A portal focused on conversations and personal interests, admitted to being breached on Tuesday. The compromise led to the loss of 420,000 hashed passwords, forcing the website to reset the passwords used by every member.

Formspring, the Social Q&A portal focused on conversations and personal interests, admitted to being breached on Tuesday. The compromise led to the loss of 420,000 hashed passwords, forcing the website to reset the passwords used by every member.

Mirroring the recent LinkedIn breach, Formspring said that they were alerted to a forum post that contained 420,000 password hashes. The suspicion at the time was that they were from their own users. Engineers shutdown the Formspring service and confirmed the passwords were indeed theirs.

Cybercrime

In less than a day, an investigation revealed that the attacker(s) had “broken into one of our development servers and was able to use that access to extract account information from a production database,” a blog post explains.

The vulnerability was fixed, and in addition to resetting everyone’s passwords and sending alert emails, the social portal corrected their security.

“We were able to immediately fix the hole and upgraded our hashing mechanisms from sha-256 with random salts to bcrypt to fortify security. We take this matter very seriously and continue to review our internal security policies and practices to help ensure that this never happens again,” the post continued.

There have been no reported incidents of individual account compromise, but there were reports of Phishing by some users on Twitter attempting to capitalize on the incident.

Interestingly, while it gained popularity early on, most users who were reporting that they had received a password reset notice had forgotten they even registered with the service.

Related News: Best Buy Warns Customers of Account Hacking Attempts

Related InsightThe Most Prevalent Attack Techniques Used By Hackers

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.

Application Security

A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...