What just happened? Flipboard has become the latest tech giant to disclose a security breach involving sensitive user information. Data exposed in the breach includes user names, hashed and salted passwords, e-mail addresses and digital tokens used to link third-party accounts to Flipboard.
The company said in a recent notice that its engineering team discovered the unauthorized activity on April 23 while investigating suspicious activity from a month earlier. As it turns out, an attacker had access and potentially obtained copies of certain databases between June 2, 2018, and March 23, 2019, and again on April 21 – 22, 2019.
Users that created or changed their password after March 14, 2012, had their password hashed using bcrypt. Prior to that date, passwords were salted and hashed with the weaker SHA-1.
Flipboard is still identifying accounts involved in the breach, adding that “not all Flipboard users’ account information was involved in the incident.” It is believed that Flipboard has as many as 150 million monthly active users.
Flipboard said it has reset all user passwords, even those that were cryptographically protected and those that were not involved in the breach. The social news app also disconnected tokens used to connect to third-party accounts, replacing or deleting them as applicable.
Image credit: Flipboard by OpturaDesign