Social media website springs a (password) leak

Make sure to choose uncommon passwords to protect against brute force attacks.

Looks like it’s another spree of password security breaches. It has only been about a month since the LinkedIn password leak, but now the social media site Formspring has been targeted by hackers. In addition to 420,000 user passwords being compromised, the information was posted on a public forum.

“Once we were able to verify that the hashes were obtained from Formspring, we locked down our systems and began an investigation to determine the nature of the breach,” Formspring said in a blog post. “We found that someone had broken into one of our development servers and was able to use that access to extract account information from a production database.”

Formspring quickly fixed the issue and upgraded its encryption methods to prevent further breaches. However, the breach is another incident that indicates the importance of strong password security measures.

Most common Yahoo passwords revealed
The recent Yahoo password leak, in which 440,000 user accounts may have been compromised, revealed the most commonly used passwords. According to a recent Yahoo article, the five most used passwords were:

• 123456
• password
• welcome
• ninja
• abc123

While website breaches are one type of risk that can leave user accounts open for hackers, common passwords such as the five above are especially vulnerable to another type of threat: brute-force attack.

Brute force attacks rely on using thousands of password combinations in an attempt to guess what a user’s password might be. Bots can be programmed to make thousands of attempts in a short amount of time. Most brute force attacks start with common phrases and number combinations. According to a recent TechTarget article, advanced brute force programs can crack a 16-character password protected by basic encryption in just a few minutes.
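The following is an added example, not part of the original article: a signup-time check that rejects the five passwords listed above along with the simple variants (capitalisation, character swaps, trailing digits or symbols) that guessing tools try first. The function names and the substitution table are assumptions for illustration, and a real deployment would load a far larger list.

```python
import re
import unicodedata

# The five most-used passwords named in the article. Assumption: a real
# service would load a much larger common-password list instead.
COMMON = {"123456", "password", "welcome", "ninja", "abc123"}

# Illustrative table of character swaps that guessing tools undo first.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def candidates(password):
    """Yield the normalized forms of a password that are compared to the list."""
    base = unicodedata.normalize("NFKC", password).casefold().strip()
    # Drop trailing digits and symbols, e.g. "welcome2012" -> "welcome".
    stripped = re.sub(r"[\d\W_]+$", "", base)
    for form in (base, stripped):
        yield form
        yield form.translate(LEET)


def matched_common_password(password, denylist=COMMON):
    """Return the common password this one reduces to, or None."""
    for form in candidates(password):
        if form and form in denylist:
            return form
    return None


def screen_password(password):
    """Return (accepted, reason) for a password chosen at signup or reset."""
    hit = matched_common_password(password)
    if hit is not None:
        return False, f"too close to the common password {hit!r}"
    # Passing this check only means the password is not an obvious first guess.
    return True, "not on the common-password list"


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["123456", "P@ssw0rd1", "Welcome2012", "N1NJA!!",
               "correct horse battery staple"]:
        print(f"{pw!r}: {screen_password(pw)}")
```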

Applications can present another threat on social media because of the profile information they can access. Block applications you don’t recognize or don’t use to prevent hackers from gaining access to more information than you intended to make public.

Have you been affected by any of the password leaks in the past couple months? How did you respond?

Matt Williams

A self-proclaimed ‘tech geek’, Matt has worked in technology for a decade and divides his time between blogging and working in IT. A huge New York Giants fan, when not watching football Matt gets his game on playing Call of Duty with his friends and other tech bloggers.