Flipboard Hacked Twice, User Information Leaked

Flipboard is a news and social aggregator company based in Palo Alto, California, established in 2010. As it nears 10 years in operation, Flipboard has announced that it has experienced a data and security breach.

After major companies like eBay, Uber, Facebook, Fortnite, Dunkin’ Donuts and others experienced security and data breaches in the past few years, it seems that Flipboard was next in line.

Flipboard has circulated a public note regarding the security breach and sent an email to all its users. These explain in detail what happened, what steps are to be taken, and what will happen from now on.

The note stated that its database containing account information of certain users had been hacked. The breach lasted almost 10 months, from June 2, 2018 to March 23, 2019, and again from April 21, 2019 to April 22, 2019. The attackers were able to download data from the database, including users’ real names, usernames, cryptographically protected passwords and email addresses, as well as digital tokens for users who had linked their Flipboard account to a third-party social media service.

The email to users explained how the passwords were encrypted and that the hackers would need a key to decrypt them. The technique used was salted hashing, which meant the passwords were never stored in plain text. For users who created or changed their password after March 14, 2012, each password is protected with a unique salt and the bcrypt hashing function. If the password has been the same since before March 14, 2012, it is protected with the SHA-1 hash function and a unique salt.
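A sketch of how a service holding the two password cohorts described above can verify logins and move the older salted SHA-1 records onto a slow hash at the next successful login. This is an added example, not Flipboard's code: the record layout, the `salt + password` ordering and the sample accounts are assumptions, and PBKDF2-HMAC-SHA256 from Python's standard library stands in for bcrypt.

```python
import hashlib
import hmac
import os

# Stand-in for bcrypt: PBKDF2-HMAC-SHA256 from the standard library.
SLOW_ITERATIONS = 600_000

def legacy_record(password: str) -> dict:
    """Older cohort: one SHA-1 pass over salt + password (assumed layout)."""
    salt = os.urandom(16)
    digest = hashlib.sha1(salt + password.encode()).digest()
    return {"scheme": "sha1-salted", "salt": salt, "digest": digest}

def slow_record(password: str) -> dict:
    """Newer cohort: per-password salt plus a deliberately slow hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, SLOW_ITERATIONS)
    return {"scheme": "pbkdf2-sha256", "salt": salt, "digest": digest,
            "iterations": SLOW_ITERATIONS}

def matches(record: dict, password: str) -> bool:
    """Recompute the hash under the record's own scheme, compare in constant time."""
    pw = password.encode()
    if record["scheme"] == "sha1-salted":
        candidate = hashlib.sha1(record["salt"] + pw).digest()
    elif record["scheme"] == "pbkdf2-sha256":
        candidate = hashlib.pbkdf2_hmac("sha256", pw, record["salt"], record["iterations"])
    else:
        return False  # unknown scheme: fail closed
    return hmac.compare_digest(candidate, record["digest"])

def login(store: dict, user: str, password: str) -> bool:
    """Verify a login; a successful legacy login is re-hashed with the slow scheme."""
    record = store.get(user)
    if record is None or not matches(record, password):
        return False
    if record["scheme"] == "sha1-salted":
        store[user] = slow_record(password)  # plaintext is only available at login
    return True

def legacy_accounts(store: dict) -> list:
    """Accounts still on salted SHA-1, i.e. the ones a forced reset must cover."""
    return sorted(u for u, r in store.items() if r["scheme"] == "sha1-salted")

def build_sample_store() -> dict:
    """Constructed sample data: one account from each cohort."""
    return {"alice": legacy_record("correct horse"), "bob": slow_record("battery staple")}
```

Accounts that never log in again stay on SHA-1 under this scheme, which is why a breach response resets every password rather than waiting for the upgrade to happen on its own.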

They have launched an investigation and hired a security firm to tackle this issue, which was first noticed on April 23, 2019. Flipboard assured users that although there is no evidence that the hackers stole third-party digital tokens, they have replaced all the tokens to maintain security.

Flipboard reset the passwords of all users to avoid further leakage. Users who are already logged in will be able to access the Flipboard service normally, but logged-out users, as well as users logging in from a different device, will have to create a new password. Flipboard has also disconnected all connected third-party social services for the time being, and interested users will have to reconnect them.

The company is still in the process of identifying how many, and which, of its 150 million monthly users were affected by this hack. Other sensitive information such as Social Security numbers, credit card details, government-issued ID details or bank account details was not part of this hack.

All the available information was uncovered in the initial investigation the company conducted after it noticed the breach. Because it believes transparency is an important part of the Flipboard community, it disclosed sufficient information in the email sent to users. But I speculate that, fearing the information would leak, they configured this email so that they could promote transparency and maintain trust among their customers.

Cyber security has been a vital problem in the past few years, and every new day brings another tech giant being attacked by black hat hackers.
