[BreachExchange] Flipboard suffers user data breach

[Destry Winant]

https://www.itproportal.com/news/flipboard-suffers-user-data-breach/

Flipboard has discovered that its systems were compromised nine months
ago, giving hackers unobstructed access to its network.

Two incidents were detected, the first breach occurring between June
2, 2018 and March 23, 2019, and the second one between April 21 and
April 22, 2019. It is the second one which the company spotted, and
notified law enforcement agencies.

The company started notifying users of the breach via email, in which
it said that information like Flipboard usernames, hashed passwords,
emails and digital tokens, were compromised.

However, hackers will have very little benefit from the obtained
passwords, given that they were hashed with bcrypt, a strong
password-hashing algorithm.

"If users created or changed their password after March 14, 2012, it
is hashed with a function called bcrypt. If users have not changed
their password since then, it is uniquely salted and hashed with
SHA-1," Flipboard said.

We don’t know how many accounts were compromised, although Flipboard
said that not everyone was affected.

"We're still in the process of determining the total number," the
company said. "We do know that not all accounts were compromised."

Everyone is getting their passwords reset now, impacted or not.
Flipboard also said that all digital tokens that users needed to
connect with third-party services have already been replaced.

Furthermore, the company has already replaced all digital tokens that
customers used to connect Flipboard with third-party services like
Facebook, Twitter, Google, and Samsung.

"We have not found any evidence the unauthorized person accessed
third-party account(s) connected to your Flipboard accounts," the
company said.