Flipboard hacked, user emails and passwords stolen

Science

29 May 2019

#BreachAlert: Hackers break into Flipboard, steal user emails and passwords

In another case of poor data security, Flipboard, the go-to news aggregator for millions of people across the world, has suffered a data breach.

The platform has confirmed that hackers broke into its systems and accessed some users' personal information.

The breach was carried out for nearly a year, according to the company.

Here are the details.

Issue

Hackers accessed Flipboard's database

Hackers accessed Flipboard's database

Flipboard recently issued a security update noting that an unauthorized party hacked into its systems and accessed a database containing personal user information and credentials.

The party in question carried out the attack for months - from June 2018 to March 2019 and April 21 - 22, 2019 - before anyone could detect and contain its impact.

Information

Copy of data obtained

The company did not mention how many users might have been compromised in the breach, but it did note that the hackers must have obtained a copy of user information stored in the database.

This, according to its initial investigation, included names, Flipboard usernames, email addresses, and cryptographically hashed passwords of some users.

Now, this could be a cause of concern for many.

Love Tech news?

Stay updated with the latest happenings.

Yes, notify Me

Hashed passwords are difficult to crack, says Flipboard

Flipboard has emphasized that the passwords compromised in the breach were encrypted with a unique 'salt' and Bcrypt or SHA-1 hashing function. This scrambled the passwords with a random set of characters, making them significantly difficult to crack.

Digital tokens

Digital tokens also compromised

Digital tokens also compromised

In addition to passwords, the hackers may have also accessed the digital tokens that allowed Flipboard to connect with third-party services like Facebook/Twitter.

The connection helped users sign-in seamlessly and comment on or share articles showing up on the news app.

However, the company says it has not found evidence of any third-party account being accessed due to compromised digital tokens.

Precaution

Flipboard has reset all users' passwords

Flipboard is working with law enforcement to investigate the hack, but as a precautionary step, the company has reset all users' passwords and disconnected digital tokens.

As a result, when you log into Flipboard, the service will prompt you to pick a new password.

Meanwhile, those using Flipboard with third-party services like Twitter or Facebook may have to connect their accounts again.

Share this timeline

Android

Security

Share this timeline

Ask NewsBytes
User Image

Next Timeline