Flipboard sent an email out to its users earlier today informing them that it has reset their password due to adata breach on the platform.- The news aggregator did not disclose how many accounts had been affected by the vulnerability.
- Users have been asked to check their accounts and set up new passwords.
The app has over one million downloads in Google Play Store but the company has not disclosed how many users were actually affected — just that, not everyone was exposed.
Flipboard assured users that until now, they haven’t found evidence that the data breach led to the hacker gaining access to any of the third party accounts — like Facebook, Google and Twitter — which are linked with Flipboard user’s accounts.
How much data was exposed?
According to Flipboard, they identified that somebody had gained unauthorised access to their databases, which contained user account information and credentials.
On discovering the breach, the American tech start up launched an investigation and hired an external security firm to find out what had happened.
Their inquiry revealed that the data breach happened between June 2, 2018 to March 23, 2019 and April 21-22, 2019.
Flipboard’s third party login feature has been around since 2015. It allows users to sign up for the news service using Google, Facebook or Twitter. During the data breach, hackers were able to access the digital tokens that connect Flipboard to third party accounts.
Before the data breach was caught, hackers would have had the option to use the tokens to make changes to a user's account and invite new people on to the platform without the user’s consent. But, Flipboard claims that in the course of their investigation, they found no evidence that hackers had actually done so.
At the end of the day, as long as users change their password and re-authorize any third party account access — the old digital tokens won’t be of any use to the hackers.