Technology
Flipboard reveals data breach, which left users details exposed
Flipboard is the latest company to fall foul of a data breach.
The news aggregation app announced in a post that it had identified unauthorized access of some of its internal systems, which contained some Flipboard users’ account information and credentials.
For more than nine months, the unauthorized person had access to Flipboard’s systems, potentially able to obtain copies of databases which hosted users’ information.
It’s unclear yet how many users were affected by the breach, but an investigation commissioned by the company revealed there was unauthorised access between June 2018 and April 2019.
Passwords reset, most are secure
While the information on these databases included their name, Flipboard username, and email address, the passwords were cryptographically protected with an algorithm called bcrypt.
The algorithm adds a unique, random set of characters called a salt, on top of the usual hashing of the password, in which it is scrambled to make it difficult to figure out. This makes the passwords very tough to crack, requiring significant computing power to do so.
Passwords which were set before Mar. 14, 2012 were hashed and salted with an algorithm called SHA-1, a once-widely used function now long obsolete in the realm of internet security.
Flipboard said all user passwords have been reset in light of the breach, despite only some users being affected by the incident.
No third-party accounts accessed
The company also said its internal database contained digital tokens. These allowed Flipboard and a third-party to connect, for example when a user links their Flipboard account to social media platforms like Facebook or Twitter.
This allowed users to see content from these third-party accounts (i.e. making your Facebook News Feed readable on Flipboard), as well as comment on or share articles. The company said it had not seen unauthorized access to third-party accounts.
“We have not found any evidence the unauthorized person accessed third-party account(s) connected to users’ Flipboard accounts. As a precaution, we have replaced or deleted all digital tokens,” the post read.
“Importantly, we do not collect from users, and this incident did not involve Social Security numbers or other government-issued IDs, bank account, credit card, or other financial information.”
Flipboard said it has already notified law enforcement of the incident, which it discovered on Apr. 23.
For users, they’ll be prompted to change your password next time at login, and some will be prompted to reconnect to third-party services which were previously linked to Flipboard.
-
Business6 days ago
Xaira, an AI drug discovery startup, launches with a massive $1B, says it’s ‘ready’ to start developing drugs
-
Business7 days ago
UK probes Amazon and Microsoft over AI partnerships with Mistral, Anthropic, and Inflection
-
Entertainment5 days ago
Summer Movie Preview: From ‘Alien’ and ‘Furiosa’ to ‘Deadpool and Wolverine’
-
Business6 days ago
Petlibro’s new smart refrigerated wet food feeder is what your cat deserves
-
Entertainment4 days ago
What’s on the far side of the moon? Not darkness.
-
Business5 days ago
How Rubrik’s IPO paid off big for Greylock VC Asheem Chandna
-
Business5 days ago
Thoma Bravo to take UK cybersecurity company Darktrace private in $5B deal
-
Business4 days ago
TikTok faces a ban in the US, Tesla profits drop and healthcare data leaks