Formspring Also victim to hackers leaking data after being hacked via dev site

Yet another website has come out this month and announced that they are investigating a breach which has resulted in leaked data. The company is Formspring and this come as Yahoo, Nvidia and other high profile targets have been hacked.

Formspring is the place where you can share your perspective on anything. Members express their point of view and personality through engaging conversations and interact with friends, followers, and people they just find cool. more

Formspring announced on the 12th that they have started an investigation to a possible breach and not long after they updated that to a confirmation as well as a bit of information into the leaked data. The confirmation has been made via a unknown security forum which contacted Formspring after the leaked data was posted there, after they did checks and confirmed the data was in fact true they locked down and started figuring out whats going on. It turns out that the hackers have obtained access to a live production database via a development server which was exploited. Formspring claims to fo updated this security hole and upgraded  the encryption to bcrypt. Latest update from FormSpring> UPDATE: SECURITY BREACH RESOLVED We wanted to give an update that the security breach was resolved today and provide background on what happened. We were notified that approximately 420k password hashes were posted to a security forum, with suspicion from a user that they could be Formspring passwords. The post did not contain usernames or any other identifying information. Once we were able to verify that the hashes were obtained from Formspring, we locked down our systems and began an investigation to determine the nature of the breach. We found that someone had broken into one of our development servers and was able to use that access to extract account information from a production database. We were able to immediately fix the hole and upgraded our hashing mechanisms from sha-256 with random salts to bcrypt to fortify security.  We take this matter very seriously and continue to review our internal security policies and practices to help ensure that this never happens again. We wanted to provide feedback to questions we are seeing come through our support desk: – If you have not yet received an email asking you to reset your password, make sure you are checking the email account of the email you registered with on Formspring.  Also check your Spam folder.  If you still don’t see the email or no longer have access to that email address, contact our support team at and they’ll take care of it.

  • If you have linked Facebook to your account, you can safely use Facebook Connect to log in.  However, we recommend that you change your Formspring password if you’ve previously created one.

Should you have any further questions, please contact [email protected].

About the author: Lee J

Security Analyst, Developer, OSINT,

Comments are closed.