420,000 Formspring Users Passwords Leaked on Web

You received an email Formspring’s last night, requesting password change? It was not the only one: the social network of questions and answers that was successful for some time and today no one remembers most had their servers hacked and 420,000 passwords leaked in a forum. The flaw is similar to LinkedIn occurred last month, when 6.5 million passwords were accessed without authorization.

The service, created in 2009, has 28 million registered users. The  announcement made ​​on the official blog Formspring states that only hashes of passwords were leaked, making the discovery of the unique combination more difficult, but not impossible. Once the engineers have access to the file, an investigation was launched to find the cause of the problem and the servers were stopped to prevent further leaks.

According to the statement, one hacker was able to break into one of the Formspring server development and use of the information found to gain access to a production database. The service responsible for the state that take the matter “very seriously” and are reviewing their practices security “to ensure it never happens again.”

The systems have been updated to make the strongest passwords: now, all combinations are stored with SHA-256 hashing and encryption bcrypt. It is recommended to change your passwords if you use the same combination of Formspring other services.