Flipboard Database Breached Exposing Users’ Details


News aggregator service and mobile news app Flipboard earlier today started notifying its users of a data breach in which hackers had access to its internal systems, possibly for almost nine months. The hackers had access to databases that contained users’ information, including their usernames, hashed and uniquely salted passwords, emails and digital tokens linking user profiles to accounts on third-party services.

Am I among the affected?

Things are not looking that grim, as most of these passwords were hashed with bcrypt, a very hard-to-crack password hashing algorithm, while others were hashed with SHA-1, a relatively weak and now obsolete algorithm. Bcrypt hashing applies to users who changed their passwords after 14th March 2012.

No Social Security numbers, credit card information or other financial data from users was revealed, as the Flipboard app doesn’t collect that information.

Extra Measures

Flipboard, which has 145 million monthly users, did not share the exact number of accounts breached but assured that not all of its users were affected. Flipboard is, however, taking an extra step by resetting all customer passwords just to be safe, similar to what Google did for some of its G Suite users.

Flipboard also confirmed that there was no evidence that unauthorized people accessed third-party accounts connected to Flipboard accounts, but it has replaced all digital tokens that people used to connect Flipboard with third-party services like Samsung, Twitter, Facebook, and Google.

The next time you log in to Flipboard, you’ll either be prompted to change your password or to reconnect the third-party services that you had previously linked to Flipboard.

Flipboard said it noticed suspicious activity on its database network late last month, when hackers tried to access its internal systems. This was a second attempt; the first took place between 2nd June 2018 and 23rd March 2019.

Flipboard has already notified law enforcement agencies regarding this security breach.