
Users’ names and email addresses leaked in Flipboard data breach

30 May 2019

Content aggregation site Flipboard has been a victim of a data breach that possibly compromised users’ names, Flipboard usernames, cryptographically protected passwords and email addresses.

In an email to its users, Flipboard said it recently identified unauthorised access to some of its databases containing certain Flipboard users' account information, including account credentials.

“In response to this discovery, we immediately launched an investigation and an external security firm was engaged to assist. 

“Findings from the investigation indicate an unauthorised person accessed and potentially obtained copies of certain databases containing Flipboard user information between June 2, 2018, and March 23, 2019, and between April 21 to 22, 2019.”

Flipboard went on to explain the techniques it used to protect user passwords.

“Flipboard has always cryptographically protected passwords using a technique known by security experts as 'salted hashing'.

“The benefit of hashing passwords is that we never need to store the passwords in plain text.”

The statement adds, “Moreover, using a unique salt for each password in combination with the hashing algorithms makes it very difficult and requires significant compute resources to crack these hashed passwords.”

“If you created or changed your password after March 14, 2012, it is hashed with a function called bcrypt. If you have not changed your password since then, it is uniquely salted and hashed with SHA-1.”

Flipboard has reset all users’ passwords as a precaution.

Users can continue to use the app on devices from which they are already logged in, but will be prompted to create a new password if they access their account from a new device.  
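
As an added illustration (not from the article or from Flipboard's code), this sketch shows how a service holding both kinds of record described in the statement can check a login and move a salted SHA-1 record to a slow hash at the next successful sign-in. The record format and function names are assumptions, and PBKDF2 from Python's standard library stands in for bcrypt.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor for the stand-in slow hash


def hash_legacy(password, salt):
    """Legacy-style record: one fast SHA-1 pass over salt + password."""
    digest = hashlib.sha1(salt + password.encode()).hexdigest()
    return f"sha1${salt.hex()}${digest}"


def hash_current(password, salt=None):
    """Current-style record: salted slow hash (PBKDF2 standing in for bcrypt)."""
    if salt is None:
        salt = os.urandom(16)  # unique salt per password
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2${salt.hex()}${key.hex()}"


def verify(password, record):
    """Recompute the record with its stored salt and compare in constant time."""
    try:
        scheme, salt_hex, _ = record.split("$")
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed record
    if scheme == "sha1":
        candidate = hash_legacy(password, salt)
    elif scheme == "pbkdf2":
        candidate = hash_current(password, salt)
    else:
        return False  # unknown scheme
    return hmac.compare_digest(candidate, record)


def login(password, record):
    """Return (ok, record_to_store); a legacy record is upgraded on success."""
    if not verify(password, record):
        return False, record
    if record.startswith("sha1$"):
        return True, hash_current(password)  # fresh salt, slow hash
    return True, record


if __name__ == "__main__":
    # Constructed sample record for a password last set under the old scheme.
    old = hash_legacy("correct horse", os.urandom(16))
    print(login("correct horse", old)[1].split("$")[0])
```

A record that is only upgraded at login stays at SHA-1 strength for accounts that never sign in again, which is one reason a forced reset covers more accounts than migration alone.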

“As another precautionary step, we disconnected tokens used to connect to all third-party accounts, and in collaboration with our partners, we replaced all digital tokens or deleted them where applicable,” the statement said.

“Additionally, to help prevent something like this from happening in the future, we implemented enhanced security measures and continue to look for additional ways to strengthen the security of our systems.

“We also notified law enforcement.”

BlackFog CEO and founder Dr Darren Williams says, “What’s particularly concerning about this case is that an unauthorised person had access to the news aggregator’s database for such a long period of time – more than nine months – and was able to make copies of user account information.

“For consumers, this shows us the importance of being your own first line of defence and using different passwords across platforms.

“The Flipboard hacker had access to user names, email addresses, and encrypted passwords – a dangerous combination for those who rely on one password.”
