Technology
Flipboard reveals data breach, which left users details exposed
Flipboard is the latest company to fall foul of a data breach.
The news aggregation app announced in a post that it had identified unauthorized access of some of its internal systems, which contained some Flipboard users’ account information and credentials.
For more than nine months, the unauthorized person had access to Flipboard’s systems, potentially able to obtain copies of databases which hosted users’ information.
It’s unclear yet how many users were affected by the breach, but an investigation commissioned by the company revealed there was unauthorised access between June 2018 and April 2019.
Passwords reset, most are secure
While the information on these databases included their name, Flipboard username, and email address, the passwords were cryptographically protected with an algorithm called bcrypt.
The algorithm adds a unique, random set of characters called a salt, on top of the usual hashing of the password, in which it is scrambled to make it difficult to figure out. This makes the passwords very tough to crack, requiring significant computing power to do so.
Passwords which were set before Mar. 14, 2012 were hashed and salted with an algorithm called SHA-1, a once-widely used function now long obsolete in the realm of internet security.
Flipboard said all user passwords have been reset in light of the breach, despite only some users being affected by the incident.
No third-party accounts accessed
The company also said its internal database contained digital tokens. These allowed Flipboard and a third-party to connect, for example when a user links their Flipboard account to social media platforms like Facebook or Twitter.
This allowed users to see content from these third-party accounts (i.e. making your Facebook News Feed readable on Flipboard), as well as comment on or share articles. The company said it had not seen unauthorized access to third-party accounts.
“We have not found any evidence the unauthorized person accessed third-party account(s) connected to users’ Flipboard accounts. As a precaution, we have replaced or deleted all digital tokens,” the post read.
“Importantly, we do not collect from users, and this incident did not involve Social Security numbers or other government-issued IDs, bank account, credit card, or other financial information.”
Flipboard said it has already notified law enforcement of the incident, which it discovered on Apr. 23.
For users, they’ll be prompted to change your password next time at login, and some will be prompted to reconnect to third-party services which were previously linked to Flipboard.
-
Entertainment6 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment6 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end
-
Entertainment5 days ago
‘The Room Next Door’ review: Tilda Swinton and Julianne Moore are magnificent
-
Entertainment4 days ago
‘The Wild Robot’ and ‘Flow’ are quietly revolutionary climate change films
-
Entertainment4 days ago
Mars is littered with junk. Historians want to save it.
-
Entertainment5 days ago
CES 2025 preview: What to expect
-
Entertainment3 days ago
Should you buy the 2024 Kindle Paperwhite Signature Edition?
-
Entertainment2 days ago
2024: A year of digital organizing from Palestine to X