Social networking site Formspring said Tuesday that it was disabling nearly 30 million registered users' passwords after hundreds of thousands of them were leaked to the Web.
Formspring said in a blog post that the breach happened after someone hacked into one of the San Francisco-based company's servers, adding that some 420,000 encrypted passwords later showed up on an unnamed security forum. Encrypted passwords aren't immediately useable, although they can sometimes be decoded by a savvy attacker.
Suffers data breach
Formspring founder Ade Olonoh said in a blog post that his company had fixed the vulnerability and upgraded its encryption, adding that the company wanted to “play it safe” and had asked all users to reset their passwords.
“We take this matter very seriously and continue to review our internal security policies and practices to help ensure that this never happens again,” he said.
Formspring launched in 2009 as a crowd-powered question-and-answer site. Last month, the company announced a major revamp intended to shift the site's focus toward users' interests.
An email seeking additional detail from the company wasn't immediately returned, and a phone number listed for the site's registrant was out of order.