Formspring has disabled 30 million registered users’ passwords after a leak was triggered on Tuesday. A hacker breached the company’s servers in San Francisco and procured an unknown total number of password combinations, but hundreds of thousands were leaked to the web to prove that the hack did occur. Formspring has responded swiftly to reset passwords and the leaked passwords were all encrypted which makes it a lot more difficult to access than just a simple text post.
A spokeswoman from Formspring has said that 420,000 encrypted passwords were posted to a security forum. She also pointed out there is no evidence that any Formspring accounts have been tampered with. The founder of Formspring, Ade Olonoh said in a blog post that they have disabled all user passwords and are asking users to reset their passwords. He gives a few tips for a strong password at the blog.
Ade also pointed out that they’ve resolved the security breach and revealed that the hacker broke into Formspring’s “development servers” and used that access to procure the information. The hole has been fixed and the password encryption has been upgraded.
If you’re on Formspring, head over there as soon as you can to reset your password.