Formspring today announced that it has suffered a security breach resulting in 420,000 of its members having their passwords compromised.
The San Francisco-based start-up reacted quickly to patch the vulnerability and has now asked all of its 28 million members to reset their passwords.
"We found that someone had accessed into one of our development servers and was able to extract account information from a production database. We were able to immediately fix the hole and are reviewing our internal security policies and practices to help ensure that this never happens again" said Formspring's Dorothee Fisher.
The positive news for its members is that the stolen passwords were in hashed form, and unlike LinkedIn, Formspring hashed user passwords using a 'salt' making it much more difficult for hackers to crack the passwords.
It's still extremely important that you take the following action should you have a Formspring account:
What to do
- Change your Formspring password
- If you use the same password on other sites change it on those too
- Make your new password(s) strong
- Never use the same password more than once.
- Be wary of phishing emails asking you to log into Formspring and change your password. Always visit the site directly, not through a link.
Using different passwords on all of your websites isolates your exposure should one site be compromised. Making your new Formspring password complex means that if this should happen again, it will be even more difficult for a hacked to crack your password, even if they are possession of the hashed password.
my1login has a free password generator which will generate strong, complex passwords for you. Should you choose to store them within the my1login password manager, then as you no longer have to remember them, you have the freedom to make all of your passwords complex and unique, building a fortress around your online identity.