The Hacked Database of Flipboard and Its Background Story
Flipboard, a popular news aggregator and mobile news app service, has recently issued a security notice regarding what the company refers to as a “security incident,” acknowledging that it had been compromised for nearly nine months. This incident raises significant concerns about Flipboard’s security, given its extensive global user base. Hackers gained access to user account details, including email addresses, usernames, hashed passwords, and account tokens. Flipboard disclosed that hackers had intermittent access to its confidential information during two brief periods.
Flipboard stored its consumers’ information in a database, which unfortunately became compromised. Consequently, the company sent a series of emails to all its users.
Most Passwords Are Secure
According to Flipboard, its databases stored usernames and hashed passwords, with some hashed using a salted hashing algorithm. Additionally, in certain cases Flipboard stored emails or digital tokens linked to third-party services. Fortunately, the majority of passwords were hashed with a strong algorithm, making them highly secure.
While some passwords were hashed using the weaker SHA-1 algorithm, they were not prevalent. Flipboard stated that passwords for accounts created, or passwords changed, after March 14th, 2012, were hashed with bcrypt, offering stronger security. However, passwords unchanged since that date were hashed with SHA-1 and are therefore more weakly protected.
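An added example (not Flipboard's code) of how a defender could triage a credential store split between SHA-1 and bcrypt in the way described above, flagging legacy salted SHA-1 entries for a forced reset. The "salt$sha1hex" record layout, the sample data and the minimum bcrypt cost are assumptions constructed for illustration.

```python
import re

# Constructed sample records (user, stored hash). The "salt$sha1hex" layout for
# legacy entries is an assumption; the bcrypt strings follow the standard
# modular crypt format "$2b$<cost>$<22-char salt><31-char digest>".
SAMPLE_STORE = [
    ("alice", "$2b$12$" + "A" * 53),
    ("bob", "9f3c1a7e$" + "0123456789abcdef0123456789abcdef01234567"),
    ("carol", "$2a$04$" + "B" * 53),
    ("dave", "not-a-hash"),
]

BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
SALTED_SHA1_RE = re.compile(r"^[0-9a-f]+\$[0-9a-f]{40}$")
MIN_BCRYPT_COST = 10  # assumed policy floor, not a Flipboard value


def classify(stored):
    """Return (scheme, action) for one stored password hash string."""
    m = BCRYPT_RE.match(stored)
    if m:
        # A bcrypt hash with a very low cost factor is cheap to brute-force,
        # so upgrade it the next time the user logs in successfully.
        if int(m.group(1)) < MIN_BCRYPT_COST:
            return ("bcrypt", "rehash-on-login")
        return ("bcrypt", "ok")
    if SALTED_SHA1_RE.match(stored):
        # SHA-1 is fast by design, so a leaked salted SHA-1 hash should be
        # treated as recoverable: invalidate it and require a new password.
        return ("salted-sha1", "force-reset")
    return ("unknown", "investigate")


def audit(store):
    """Group usernames by the remediation action their hash format calls for."""
    report = {}
    for user, stored in store:
        _, action = classify(stored)
        report.setdefault(action, []).append(user)
    return report


if __name__ == "__main__":
    for action, users in sorted(audit(SAMPLE_STORE).items()):
        print(f"{action}: {', '.join(users)}")
```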
Not All Accounts Are Impacted
Flipboard did not disclose the exact number of impacted accounts but assured users that not all accounts were affected. To address confusion, Flipboard stated that they were expediting the process of determining the total number of impacted accounts. In a series of emails to users, Flipboard requested a password reset as a precautionary security measure for both impacted and non-impacted account holders.
To enhance stability and security, the company replaced entire sets of digital tokens, which customers used to connect third-party social platforms with Flipboard. However, Flipboard stated that they found no evidence of unauthorized access to third-party accounts connected to Flipboard.
Extensive Breach
Despite the positive news, the breach was extensive, and the company’s IT staff will need to address it. Hackers had access to Flipboard’s internal data system for over nine months. Flipboard promptly investigated the breach after detecting suspicious activity on its internal database network during the second intrusion and notified law enforcement.
In conclusion, Flipboard’s decision to enforce password resets in 2012, following the introduction of the bcrypt hashing algorithm, appears prudent in retrospect.