Skip to content
View in the app

A better way to browse. Learn more.

Thailand News and Discussion Forum | ASEANNOW

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Hackers Release More Than 420,000 Formspring Passwords

Featured Replies

Hackers release more than 420,000 Formspring passwords < br />

2012-07-12 06:38:22 GMT+7 (ICT)

SAN FRANCISCO, CALIFORNIA (BNO NEWS) -- The questions and answers website Formspring on Wednesday disabled the passwords of its more than 29 million registered users as a precaution after nearly half a million of them were posted on a website, the company's founder said.

The website, where users can ask each other questions or be asked questions by anonymous people, said it was alerted by someone that 420,000 passwords had been posted to a security forum. The leaked passwords were camouflaged with a common cryptographic code called SHA-256 hash, a version of the SHA-2 hash function which is known to have security issues.

"Once we were able to verify that the hashes were obtained from Formspring, we locked down our systems and began an investigation to determine the nature of the breach," Formspring founder and CEO Ade Olonoh said in a blog post. "We found that someone had broken into one of our development servers and was able to use that access to extract account information from a production database."

The file released on the security forum did not contain usernames or other identifying information, but the company did not say whether the hackers may have been able to access them. It said it immediately 'fixed the hole' and upgraded the hashing mechanisms for its password database to bcrypt, which is considered more secure.

"In response to this, we have disabled all users passwords," Olonoh said. "We apologize for the inconvenience but prefer to play it safe and have asked all members to reset their passwords. Users will be prompted to change their passwords when they log back into Formspring."

Formspring spokeswoman Dorothée Fisher says it currently has more than 29 million registered users.

tvn.png

-- © BNO News All rights reserved 2012-07-12

Hackers are nothing more than common thieves.

Hackers are nothing more than common thieves.

Sometimes they are just freedom fighters out to uncover the truth. What do these 420,000 people need secret passwords for anyway? What have they to hide? Maybe the hackers should start a Paypal account where they can collect donations for their legal defense in case they ever get caught? Other hackers have done quite well doing just that.

Hackers are nothing more than common thieves.

Sometimes they are just freedom fighters out to uncover the truth. What do these 420,000 people need secret passwords for anyway? What have they to hide? Maybe the hackers should start a Paypal account where they can collect donations for their legal defense in case they ever get caught? Other hackers have done quite well doing just that.

Freedom fighters to some are terrorists to others. I lean toward hackers being terrorists hiding behind their anonymity. wai.gif

All of this hacking and putting previously private info/password/etc on the Internet for everyone to see is fine and dandy until it's YOUR info/password/etc that is put on the Internet for everyone to see. Maybe we need a hacker who can hack hackers and put their stuff out there?

I never heard of this site before, just had a look.

So from what I figure a login/password is just for identity on the site (like here at tv, or twitter). Stealing and posting the passwords then only affects logging in and posting on the site. A pain in the arse definitely, but it was just a prank, they didn't get credit card/paypal info etc, so it was more like amusement than robbery. As for sites that have you post your personal info, address etc, well, hopefully most people will be smart enough to be discrete (or I do give people too much credit?)

I never heard of this site before, just had a look.

So from what I figure a login/password is just for identity on the site (like here at tv, or twitter). Stealing and posting the passwords then only affects logging in and posting on the site. A pain in the arse definitely, but it was just a prank, they didn't get credit card/paypal info etc, so it was more like amusement than robbery. As for sites that have you post your personal info, address etc, well, hopefully most people will be smart enough to be discrete (or I do give people too much credit?)

Got to disagree with you.

When is stealing proprietary information not stealing? The amount of information stolen doesn't change the fact that it was stolen in the first place.

I'm not commenting on whether it's stealing or not, I think the coverage of the story is overdone.

So imposters can log in and give people a hard time, big deal.

I'm not commenting on whether it's stealing or not, I think the coverage of the story is overdone.

So imposters can log in and give people a hard time, big deal.

If hackers broke into your personal account it is conceivable they could obtain your address, full name, date of birth, social security number, credit card numbers, bank account information, etc. With this information they could then perform identity theft and ruin your life.

I would call that a "big deal".

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.