Formspring Hacked, 420000 Password Hashes Stolen In a Security Breach
formspring.me widely known as Formspring is the latest in the seemingly unending list of websites to have suffered a security breach. More than 420,000 passwords for Formspring accounts have fallen into the wrong hands and posted publically to the internet. The incident brings back memories of the password leaks at popular sites such as LinkedIn and eHarmony about a month ago. A blog entry posted by Formspring's CEO and founder Ade Olonoh explains that the passwords of all 28 million users have been disabled after all, only 420,000 have been posted on the net.
According to the firm, usernames and other identifying information were not published alongside the stolen password hashes. Furthermore, in a positive sign, users were told that the SHA-256 hashed passwords were salted - and that Formspring is now tightening security further by introducing stronger bcrypt cryptographic hashes. Formspring also says that it has identified the security hole that allowed a hacker to breach its systems:
"Once we were able to verify that the hashes were obtained from Formspring, we locked down our systems and began an investigation to determine the nature of the breach. We found that someone had broken into one of our development servers and was able to use that access to extract account information from a production database."
After being informed of this discovery, the operators of the platform soon managed to trace the leak to one of their development servers which had allowed an attacker to access a production server and said that they successfully closed it. Formspring has also reset all user passwords. As per latest information, Formspring appears to have dealt with the security breach quickly and fairly transparently.
Basiacally Formspring is a social Q&A website, launched in November 2009. The site allows its users to set up a profile page, follow other users and ask questions from other users. The questions and their given responses are then published on the user's profile page. It is operated by Formspring.me, Inc. a company headquartered in San Francisco.
-Source (NS, The-H & Formspring)
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
cyber-crime
,
ROT
,
security-news
,
vulnerablity