Technology
Flipboard reveals data breach, which left users details exposed
Flipboard is the latest company to fall foul of a data breach.
The news aggregation app announced in a post that it had identified unauthorized access of some of its internal systems, which contained some Flipboard users’ account information and credentials.
For more than nine months, the unauthorized person had access to Flipboard’s systems, potentially able to obtain copies of databases which hosted users’ information.
It’s unclear yet how many users were affected by the breach, but an investigation commissioned by the company revealed there was unauthorised access between June 2018 and April 2019.
Passwords reset, most are secure
While the information on these databases included their name, Flipboard username, and email address, the passwords were cryptographically protected with an algorithm called bcrypt.
The algorithm adds a unique, random set of characters called a salt, on top of the usual hashing of the password, in which it is scrambled to make it difficult to figure out. This makes the passwords very tough to crack, requiring significant computing power to do so.
Passwords which were set before Mar. 14, 2012 were hashed and salted with an algorithm called SHA-1, a once-widely used function now long obsolete in the realm of internet security.
Flipboard said all user passwords have been reset in light of the breach, despite only some users being affected by the incident.
No third-party accounts accessed
The company also said its internal database contained digital tokens. These allowed Flipboard and a third-party to connect, for example when a user links their Flipboard account to social media platforms like Facebook or Twitter.
This allowed users to see content from these third-party accounts (i.e. making your Facebook News Feed readable on Flipboard), as well as comment on or share articles. The company said it had not seen unauthorized access to third-party accounts.
“We have not found any evidence the unauthorized person accessed third-party account(s) connected to users’ Flipboard accounts. As a precaution, we have replaced or deleted all digital tokens,” the post read.
“Importantly, we do not collect from users, and this incident did not involve Social Security numbers or other government-issued IDs, bank account, credit card, or other financial information.”
Flipboard said it has already notified law enforcement of the incident, which it discovered on Apr. 23.
For users, they’ll be prompted to change your password next time at login, and some will be prompted to reconnect to third-party services which were previously linked to Flipboard.
Consumer Financial Protection Bureau fines BloomTech for false claims
‘Big is moving to Paris’: Carrie Bradshaw discourse reignites as ‘Sex and the City’ hits Netflix
Klarna credit card launches in the US as Swedish fintech grows its market presence
How to set boundaries in the early stages of dating
Former top SpaceX exec Tom Ochinero sets up new VC firm, filings reveal
How to watch ‘The Sympathizer’: Release date and streaming deals
Tesla layoffs hit high performers, some departments slashed, sources say
ChatGPT vs. Gemini: Which AI chatbot won our 5-round match?
Tesla layoffs hit high performers, some departments slashed, sources say
Meta to close Threads in Turkey to comply with injunction prohibiting data-sharing with Instagram
Pokemon resets some users passwords after hacking attempts
Apple sued, Microsoft’s AI ambitions and Nvidia’s surprises
TechCrunch Mobility: The wheels are starting to come off the Fisker EV bus
Lordstown Motors’ ousted CEO settles with SEC for misleading investors
DOJ’s Apple antitrust case neatly aligns with EU on one key point: NFC and mobile payments
Amazon Big Spring Sale 2024: Shop 350+ deals on Apple, robot vacuums, security cameras, more
Maju Kuruvilla is out as CEO of one-click checkout company Bolt
Where’s the AI in these ‘AI-powered’ products for your home?
What is the three-body problem in ‘3 Body Problem’?
API startup Noname Security nears $500M deal to sell itself to Akamai
Consumer Financial Protection Bureau fines BloomTech for false claims
‘Big is moving to Paris’: Carrie Bradshaw discourse reignites as ‘Sex and the City’ hits Netflix
Klarna credit card launches in the US as Swedish fintech grows its market presence
How to set boundaries in the early stages of dating
Former top SpaceX exec Tom Ochinero sets up new VC firm, filings reveal
How to watch ‘The Sympathizer’: Release date and streaming deals
Tesla layoffs hit high performers, some departments slashed, sources say
ChatGPT vs. Gemini: Which AI chatbot won our 5-round match?
Tesla layoffs hit high performers, some departments slashed, sources say
Meta to close Threads in Turkey to comply with injunction prohibiting data-sharing with Instagram
-
Business5 days agoAPI startup Noname Security nears $500M deal to sell itself to Akamai
-
Business6 days agoUS think tank Heritage Foundation hit by cyberattack
-
Entertainment5 days agoNASA discovered bacteria that wouldn’t die. Now it’s boosting sunscreen.
-
Entertainment5 days agoHow to watch ‘Argylle’: When and where is it streaming?
-
Business4 days agoTesla drops prices, Meta confirms Llama 3 release, and Apple allows emulators in the App Store
-
Entertainment4 days ago‘The Sympathizer’ review: Park Chan-wook’s Vietnam War spy thriller is TV magic
-
Business3 days agoTechCrunch Mobility: Cruise robotaxis return and Ford’s BlueCruise comes under scrutiny
-
Entertainment5 days agoDyson 360 Vis Nav robot vacuum review: Dyson should just stick to upright vacuums
