Flipboard breach exposed usernames and passwords
The social news app has reset all its users' passwords.
If you get a password reset request from Flipboard next time you log in, don't worry -- it's not just you. The social news aggregator has revealed that an unauthorized party infiltrated some of its databases more than once and "potentially obtained copies" of the user information they contained. The unauthorized activities took place between June 2nd, 2018 and March 23rd, 2019, as well as between April 21st and 22nd, 2019. While the security breaches didn't affect all its users, Flipboard has chosen to roll out password resets to all its 145 million accounts as a precautionary measure.
We recently identified & addressed a security incident. We've taken measures to protect users' accounts & secure our systems. As a precautionary measure, we proactively reset all user passwords. We're providing more details via email & on our support page. https://t.co/tSTKwt7PYN
— Flipboard (@Flipboard) May 28, 2019
The user details stored in the databases the hacker broke into include people's usernames, email addresses and passwords. Thankfully, those passwords are salted and hashed -- in other words, they weren't kept in an easily readable plain text format -- though older ones that haven't been updated since March 2012 are protected by a weaker encryption technology.
The databases also contained digital tokens used to connect people's accounts with third-party websites and social media platforms like Facebook. While the company says it didn't find evidence the tokens were used to break into the accounts users connected with their Flipboard profiles, it replaced and deleted all those tokens nonetheless.
Unfortunately, Flipboard still isn't done with its investigation and has yet to reveal the total number of compromised accounts. You may want to change your passwords anyway, just to be safe.
