Jump to content

Hackers Release More Than 420,000 Formspring Passwords


Recommended Posts

Posted

Hackers release more than 420,000 Formspring passwords < br />

2012-07-12 06:38:22 GMT+7 (ICT)

SAN FRANCISCO, CALIFORNIA (BNO NEWS) -- The questions and answers website Formspring on Wednesday disabled the passwords of its more than 29 million registered users as a precaution after nearly half a million of them were posted on a website, the company's founder said.

The website, where users can ask each other questions or be asked questions by anonymous people, said it was alerted by someone that 420,000 passwords had been posted to a security forum. The leaked passwords were camouflaged with a common cryptographic code called SHA-256 hash, a version of the SHA-2 hash function which is known to have security issues.

"Once we were able to verify that the hashes were obtained from Formspring, we locked down our systems and began an investigation to determine the nature of the breach," Formspring founder and CEO Ade Olonoh said in a blog post. "We found that someone had broken into one of our development servers and was able to use that access to extract account information from a production database."

The file released on the security forum did not contain usernames or other identifying information, but the company did not say whether the hackers may have been able to access them. It said it immediately 'fixed the hole' and upgraded the hashing mechanisms for its password database to bcrypt, which is considered more secure.

"In response to this, we have disabled all users passwords," Olonoh said. "We apologize for the inconvenience but prefer to play it safe and have asked all members to reset their passwords. Users will be prompted to change their passwords when they log back into Formspring."

Formspring spokeswoman Dorothée Fisher says it currently has more than 29 million registered users.

tvn.png

-- © BNO News All rights reserved 2012-07-12

Posted

Hackers are nothing more than common thieves.

Sometimes they are just freedom fighters out to uncover the truth. What do these 420,000 people need secret passwords for anyway? What have they to hide? Maybe the hackers should start a Paypal account where they can collect donations for their legal defense in case they ever get caught? Other hackers have done quite well doing just that.

Posted

Hackers are nothing more than common thieves.

Sometimes they are just freedom fighters out to uncover the truth. What do these 420,000 people need secret passwords for anyway? What have they to hide? Maybe the hackers should start a Paypal account where they can collect donations for their legal defense in case they ever get caught? Other hackers have done quite well doing just that.

Freedom fighters to some are terrorists to others. I lean toward hackers being terrorists hiding behind their anonymity. wai.gif

Posted

All of this hacking and putting previously private info/password/etc on the Internet for everyone to see is fine and dandy until it's YOUR info/password/etc that is put on the Internet for everyone to see. Maybe we need a hacker who can hack hackers and put their stuff out there?

  • Like 1
Posted

I never heard of this site before, just had a look.

So from what I figure a login/password is just for identity on the site (like here at tv, or twitter). Stealing and posting the passwords then only affects logging in and posting on the site. A pain in the arse definitely, but it was just a prank, they didn't get credit card/paypal info etc, so it was more like amusement than robbery. As for sites that have you post your personal info, address etc, well, hopefully most people will be smart enough to be discrete (or I do give people too much credit?)

Posted

I never heard of this site before, just had a look.

So from what I figure a login/password is just for identity on the site (like here at tv, or twitter). Stealing and posting the passwords then only affects logging in and posting on the site. A pain in the arse definitely, but it was just a prank, they didn't get credit card/paypal info etc, so it was more like amusement than robbery. As for sites that have you post your personal info, address etc, well, hopefully most people will be smart enough to be discrete (or I do give people too much credit?)

Got to disagree with you.

When is stealing proprietary information not stealing? The amount of information stolen doesn't change the fact that it was stolen in the first place.

Posted

I'm not commenting on whether it's stealing or not, I think the coverage of the story is overdone.

So imposters can log in and give people a hard time, big deal.

Posted

I'm not commenting on whether it's stealing or not, I think the coverage of the story is overdone.

So imposters can log in and give people a hard time, big deal.

If hackers broke into your personal account it is conceivable they could obtain your address, full name, date of birth, social security number, credit card numbers, bank account information, etc. With this information they could then perform identity theft and ruin your life.

I would call that a "big deal".

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...