Hackers compromised more than 400,000 passwords from social Q&A website, Formspring. On July 6, The Hacker who compromised the database asked help in the InsidePro forum for cracking the SHA-256 Hashes.
The H's associates at heise Security had discovered the Formspring hashes at the end of last week but couldn't determine at the time the origin of the data. A short time later, a reader contacted The H with the crucial piece of information that hundreds of passwords contained the term formspring.
After being informed of this discovery, the operators of the platform soon managed to trace the leak to one of their development servers which had allowed an attacker to access a production server and said that they successfully closed it.
Formspring has also reset all user passwords. The company has taken this opportunity to switch its hashing method from SHA-256 (salted) to bcrypt, a method that can currently only be cracked with substantial computing power and, therefore, an attack would take a significant amount of time.
At the time of writing, hackers cracked half of the Hashes and posted in online.
