Industry Updates

Hackers Had Access To Flipboard User Information

Do you use the news aggregator service called Flipboard?

If so, be aware that the company has recently started notifying its user base that hackers breached their network and had access to their internal systems for approximately nine months.  If you haven’t heard from them yet, be on the lookout for an official communication from the company.

Although the investigation into the matter is still ongoing, what we know so far is that over a nine-month period, an unknown hacker or hacking organization got past the company’s digital defenses and gained access to databases that housed customer information that included:

  • User names
  • Full names
  • Hashed and salted passwords
  • Email addresses
  • Digital tokens that linked Flipboard profiles to accounts on third-party services

At this point, the total number of customer records that were compromised is unknown.  The passwords captured by the hackers were hashed and salted using the robust hashing algorithm ‘bcrypt’. However, it’s still possible (although unlikely) that a determined hacking group could decrypt the passwords.  Given that, the company has decided to err on the side of caution and force reset all passwords. So next time you log on, don’t be surprised when you have to change yours.

Although the company says that there’s no indication that the third-party tokens have been misused in any way, the fact that they were exposed in the first place is still cause for alarm.  In light of that, it would be prudent to change your passwords on any site you’ve connected via these tokens, especially if you’re using the same password across multiple websites.

This last bit is of special importance, and if you are one of the legions of users still using the same password across multiple websites you visit, it’s well past time to break that habit.