
Users’ names and email addresses leaked in Flipboard data breach

30 May 2019

Content aggregation site Flipboard has been a victim of a data breach that possibly compromised users’ names, Flipboard usernames, cryptographically protected passwords and email addresses.

In an email to its users, Flipboard said it recently identified unauthorised access to some of its databases containing certain Flipboard users' account information, including account credentials.

“In response to this discovery, we immediately launched an investigation and an external security firm was engaged to assist. 

“Findings from the investigation indicate an unauthorised person accessed and potentially obtained copies of certain databases containing Flipboard user information between June 2, 2018, and March 23, 2019, and between April 21 to 22, 2019.”

Flipboard went on to explain the techniques it used to protect user passwords.

“Flipboard has always cryptographically protected passwords using a technique known by security experts as 'salted hashing'.

“The benefit of hashing passwords is that we never need to store the passwords in plain text.”

The statement adds, “Moreover, using a unique salt for each password in combination with the hashing algorithms makes it very difficult and requires significant compute resources to crack these hashed passwords.”

“If you created or changed your password after March 14, 2012, it is hashed with a function called bcrypt. If you have not changed your password since then, it is uniquely salted and hashed with SHA-1.”
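A split like the one described, with older accounts still on salted SHA-1, is usually closed by wrapping dormant legacy hashes in a slow function and rehashing natively at the next successful login. The sketch below is an added illustration, not Flipboard's code: the record layout and the SHA-1(salt || password) construction are assumptions, and scrypt from the Python standard library stands in for bcrypt.

```python
import hashlib
import hmac
import os

# Record layout is hypothetical: scheme, salt, hash (+ wrap_salt when wrapped).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # scrypt is a stand-in for bcrypt

def sha1_salted(password: str, salt: bytes) -> bytes:
    # Assumed legacy construction: SHA-1(salt || password); fast, so cheap to guess.
    return hashlib.sha1(salt + password.encode()).digest()

def slow(data: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(data, salt=salt, **SCRYPT)

def new_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"scheme": "scrypt", "salt": salt, "hash": slow(password.encode(), salt)}

def wrap_legacy(rec: dict) -> dict:
    """Harden a dormant SHA-1 record at rest, without knowing the password."""
    wrap_salt = os.urandom(16)
    return {"scheme": "sha1+scrypt", "salt": rec["salt"], "wrap_salt": wrap_salt,
            "hash": slow(rec["hash"], wrap_salt)}

def verify_and_upgrade(rec: dict, password: str):
    """Return (ok, record); a successful legacy login yields a native scrypt record."""
    if rec["scheme"] == "scrypt":
        candidate = slow(password.encode(), rec["salt"])
    elif rec["scheme"] == "sha1":
        candidate = sha1_salted(password, rec["salt"])
    elif rec["scheme"] == "sha1+scrypt":
        candidate = slow(sha1_salted(password, rec["salt"]), rec["wrap_salt"])
    else:
        return False, rec
    ok = hmac.compare_digest(candidate, rec["hash"])  # constant-time comparison
    if ok and rec["scheme"] != "scrypt":
        rec = new_record(password)  # rehash while the plaintext is available
    return ok, rec

def demo():
    salt = os.urandom(16)  # constructed sample account, not real data
    legacy = {"scheme": "sha1", "salt": salt, "hash": sha1_salted("correct horse", salt)}
    wrapped = wrap_legacy(legacy)
    ok, upgraded = verify_and_upgrade(wrapped, "correct horse")
    bad, _ = verify_and_upgrade(wrapped, "wrong guess")
    return ok, upgraded["scheme"], bad

if __name__ == "__main__":
    print(demo())
```

Wrapping only protects copies of the database taken after the wrap is applied; any SHA-1 hashes already copied remain as fast to guess as before, which is why a forced reset still matters.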

Flipboard has reset all users’ passwords as a precaution.

Users can continue to use the app on devices from which they are already logged in, but will be prompted to create a new password if they access their account from a new device.  

“As another precautionary step, we disconnected tokens used to connect to all third-party accounts, and in collaboration with our partners, we replaced all digital tokens or deleted them where applicable,” the statement said.

“Additionally, to help prevent something like this from happening in the future, we implemented enhanced security measures and continue to look for additional ways to strengthen the security of our systems.

“We also notified law enforcement.”

BlackFog CEO and founder Dr Darren Williams says, “What’s particularly concerning about this case is that an unauthorised person had access to the news aggregator’s database for such a long period of time – more than nine months – and was able to make copies of user account information.

“For consumers, this shows us the importance of being your own first line of defence and using different passwords across platforms.

“The Flipboard hacker had access to user names, email addresses, and encrypted passwords – a dangerous combination for those who rely on one password.”
