29 May 2019
#BreachAlert: Hackers break into Flipboard, steal user emails and passwords
In another case of poor data security, Flipboard, the go-to news aggregator for millions of people across the world, has suffered a data breach.
The platform has confirmed that hackers broke into its systems and accessed some users' personal information.
The breach was carried out for nearly a year, according to the company.
Here are the details.
Hackers accessed Flipboard's database
Flipboard recently issued a security update noting that an unauthorized party hacked into its systems and accessed a database containing personal user information and credentials.
The party in question carried out the attack for months - from June 2018 to March 2019 and April 21 - 22, 2019 - before anyone could detect and contain its impact.
Copy of data obtained
The company did not mention how many users might have been compromised in the breach, but it did note that the hackers must have obtained a copy of user information stored in the database.
This, according to its initial investigation, included names, Flipboard usernames, email addresses, and cryptographically hashed passwords of some users.
Now, this could be a cause of concern for many.
Digital tokens also compromised
In addition to passwords, the hackers may have also accessed the digital tokens that allowed Flipboard to connect with third-party services like Facebook/Twitter.
The connection helped users sign-in seamlessly and comment on or share articles showing up on the news app.
However, the company says it has not found evidence of any third-party account being accessed due to compromised digital tokens.
Flipboard has reset all users' passwords
Flipboard is working with law enforcement to investigate the hack, but as a precautionary step, the company has reset all users' passwords and disconnected digital tokens.
As a result, when you log into Flipboard, the service will prompt you to pick a new password.
Meanwhile, those using Flipboard with third-party services like Twitter or Facebook may have to connect their accounts again.
Hashed passwords are difficult to crack, says Flipboard
Flipboard has emphasized that the passwords compromised in the breach were encrypted with a unique 'salt' and Bcrypt or SHA-1 hashing function. This scrambled the passwords with a random set of characters, making them significantly difficult to crack.