be-nz logo
Story image

Users’ names and email addresses leaked in Flipboard data breach

30 May 2019

Content aggregation site Flipboard has been a victim of a data breach that possibly compromised users’ names, Flipboard usernames, cryptographically protected passwords and email addresses.

In an email to its users, Flipboard said it recently identified unauthorised access to some of its databases containing certain Flipboard users' account information, including account credentials.

“In response to this discovery, we immediately launched an investigation and an external security firm was engaged to assist. 

“Findings from the investigation indicate an unauthorised person accessed and potentially obtained copies of certain databases containing Flipboard user information between June 2, 2018, and March 23, 2019, and between April 21 to 22, 2019.”

Flipboard when on to explain the techniques it used to protect user passwords.

“Flipboard has always cryptographically protected passwords using a technique known by security experts as 'salted hashing'."

“The benefit of hashing passwords is that we never need to store the passwords in plain text.

The statement adds, “Moreover, using a unique salt for each password in combination with the hashing algorithms makes it very difficult and requires significant compute resources to crack these hashed passwords.”

“If you created or changed your password after March 14, 2012, it is hashed with a function called bcrypt. If you have not changed your password since then, it is uniquely salted and hashed with SHA-1.”

Flipboard has reset all users’ passwords as a precaution.

Users can continue to use the app on devices from which they are already logged in, but will be prompted to create a new password if they access their account from a new device.  

“As another precautionary step, we disconnected tokens used to connect to all third-party accounts, and in collaboration with our partners, we replaced all digital tokens or deleted them where applicable,” the statement said.

“Additionally, to help prevent something like this from happening in the future, we implemented enhanced security measures and continue to look for additional ways to strengthen the security of our systems.

“We also notified law enforcement.”

BlackFog CEO and founder Dr Darren Williams says, “What’s particularly concerning about this case is that an unauthorised person had access to the news aggregator’s database for such a long period of time – more than nine months – and was able to make copies of user account information.

“For consumers, this shows us the importance of being your own first line of defence and using different passwords across platforms.

"The Flipboard hacker had access to user names, email addresses, and encrypted passwords – a dangerous combination for those who rely on one password.”

Story image
Interview: Equinox co-CEOs on adopting cloud and delivering business value
In the midst of global pandemic and remote working, delivering business value and adopting DevOps and cloud is an even greater challenge. David Reiss and Deane Sloan of Equinox explain how to navigate adoption and security during COVID-19.More
Story image
Trade Me announces full migration to cloud with Google Cloud partnership
The online auction website says the move will migrate all systems and applications off its on-premise data centres and fully migrate to the cloud.More
Story image
Hootsuite offers free pro plan to non profits and SMBs during COVID-19
Hootsuite has announced free access to its professional plan for all non-for-profit organisations and small businesses in a bid to support them through the COVID-19 outbreak and its impacts. More
Story image
You're virtually invited: How the smartest organisations manage Office 365 and Microsoft Teams
If you’re starting your digital transformation journey or want to find out more about how you can boost your Office 365 productivity, this is your chance to take advantage of expert advice - free.More
Story image
Chorus: First day of significant increase in broadband traffic
Traffic has begun to increase in day time broadband traffic as the network starts to see the impact of the COVID-19 outbreak. More
Story image
Survey reveals challenges facing Kiwis working at home
35% of survey respondents say that they feel less productive, and 35-44 year olds expect working with kids at home may prove a challenge.More