Social networking site Formspring has been hacked, and hundreds of thousands of user passwords have been leaked on the Web. The site has acknowledged the breach and has disabled the passwords of nearly 30 million users, according to Formspring founder Ade Olonoh.
The breach happened after an intruder broke into one of the company’s servers and made off with about 420,000 encrypted passwords. Those passwords were later posted to a security forum.
Although encrypted passwords aren't immediately usable, they can sometimes be decoded by a savvy attacker. No user names or any other identifying information were exposed, Olonoh reported.
Olonoh said in a blog post that the company fixed the vulnerability and upgraded its encryption.
“We apologize for the inconvenience but prefer to play it safe and have asked all members to reset their passwords,” Olonoh said. “Users will be prompted to change their passwords when they log back into Formspring. This is a good time to create a strong password."