Flipboard resets user passwords after recent data breach

Flipboard company logoFlipboard

  • Flipboard sent an email out to its users earlier today informing them that it has reset their password due to a data breach on the platform.
  • The news aggregator did not disclose how many accounts had been affected by the vulnerability.
  • Users have been asked to check their accounts and set up new passwords.
Flipboard, the news aggregating mobile app, sent out notifications to its users today telling them that their passwords have been reset after the company spotted a data breach that put confidential user data at risk.

The app has over one million downloads in Google Play Store but the company has not disclosed how many users were actually affected — just that, not everyone was exposed.

As a precaution, we have reset all users’ passwords, even though the passwords were cryptographically protected and not all users’ account information was involved.

Statement from Flipboard team

Flipboard assured users that until now, they haven’t found evidence that the data breach led to the hacker gaining access to any of the third party accounts — like Facebook, Google and Twitter — which are linked with Flipboard user’s accounts.

We deeply regret this incident happened. For more information and answers to frequently asked questions, we have created a support page with more details about the incident.

Statement from Flipboard team

How much data was exposed?

According to Flipboard, they identified that somebody had gained unauthorised access to their databases, which contained user account information and credentials.

On discovering the breach, the American tech start up launched an investigation and hired an external security firm to find out what had happened.

Their inquiry revealed that the data breach happened between June 2, 2018 to March 23, 2019 and April 21-22, 2019.

Flipboard’s third party login feature has been around since 2015. It allows users to sign up for the news service using Google, Facebook or Twitter. During the data breach, hackers were able to access the digital tokens that connect Flipboard to third party accounts.

Before the data breach was caught, hackers would have had the option to use the tokens to make changes to a user's account and invite new people on to the platform without the user’s consent. But, Flipboard claims that in the course of their investigation, they found no evidence that hackers had actually done so.

(Data breach) potentially may have allowed the unauthorized person to read or make posts and messages on the account and access some user account information, such as user name, profile information, posts to the site, and connections. In some cases, this access also allowed changes to this information, such as inviting new people to connect.

Statement from Flipboard team

At the end of the day, as long as users change their password and re-authorize any third party account access — the old digital tokens won’t be of any use to the hackers.



{{}}
Add Comment()
Comments ()
X
Sort By:
Be the first one to comment.
We have sent you a verification email. This comment will be published once verification is done.