loader gif

Attackers hacked Flipboard databases and compromised users’ account details

Attackers hacked Flipboard databases and compromised users’ account details
  • The hacked databases contained Flipboard users’ account information including user names, hashed and salted passwords, email addresses, and digital tokens used to login to Flipboard using site credentials from Google, Facebook, and Twitter.
  • The news aggregator site has reset passwords for all users and disconnected tokens used to connect to all third-party accounts.

What happened?

Unauthorized third-parties have hacked the databases of the news aggregation site Flipboard and have potentially downloaded the data contained within them.

When did it happen?

The unauthorized user accessed the databases between June 2, 2018, and March 23, 2019, and between April 21, 2019, and April 22, 2019.

What information was compromised?

The databases contained Flipboard users’ account information including user names, hashed and salted passwords, email addresses, and digital tokens used to login to Flipboard using site credentials from Google, Facebook, and Twitter.

The exposed user passwords were all hashed with a strong cipher called bcrypt, however, it is not impossible to crack the passwords. Users who have not logged into their accounts since March 14th, 2012, would have had their passwords hashed using SHA-1, which would be easier to crack.

What was the immediate action taken?

  • Upon discovery, Flipboard immediately launched an extensive investigation and notified law enforcement authorities about the incident.
  • The company also hired an external security firm to assist them with the investigation.
  • The news aggregator site has reset passwords for all users and disconnected tokens used to connect to all third-party accounts.
  • Further, the company has implemented enhanced security measures to prevent such incidents from happening in the future.

“As another precautionary step, we disconnected tokens used to connect to all third-party accounts, and in collaboration with our partners, we replaced all digital tokens or deleted them where applicable,” Flipboard said in a security notice.

loader gif