Flipboard data breach case: double hacks attempts lead the personal data exposed

The famous news aggregation software and having 150 million plus installers, Flipboard is involved in two recent hacks that leads the users’ personal data disclosure. The data recorded for the first breach between the date June 2 of 018 and 23rd March 2019 and the second attempts was occurred from April 21, 2019 to April 22 2019 before detected on 23rh of April.

The list of data that likely to be in the list of breached data:

  • User names and surnames
  • Provided email addresses,
  • Account tokens for third party services
  • And encrypted passwords.

No financial detail and social security numbers was revealed since the app does not store such things. Also, not all users get victimized by this breach.

The company claims to have reset the visitor’s password and discontinue the tokens:

“As another precautionary step, we disconnected tokens used to connect to all third-party accounts, and in collaboration with our partners, we replaced all digital tokens or deleted them where applicable.”

In to analyze the breach in deep, the company has decided to contact a law enforcement agency and security firm for the forensic investment. Hence, we conclude that the Company has handled the situation really well.

May 2012 and before passwords are more vulnerable for the breach

Users’ accounts before 14th of May 2012 have a better of their data get breached. The passwords before this date appear to be modified by using SHA-1 algorithm a weaker after making it difficult to decrypt by using various ciphers to scramble them. Old data that got changed due this data also have better chance of them being exposed.

Flipboard revealed that the two hacks attempts affected the account tokens. This is something that provides access to particular information from popular directories such as Facebook, Samsung, Google and Twitter. Now, it is safe, that’s what the company states:

“If you use Twitter/Google/Samsung/Facebook to log into your Flipboard account, you can continue to do so. Your password is not stored in our database and we’ve rotated digital tokens.”

Safety is important

Almost 150 accounts have been marked with the breach and still more to count. The company has sent information how to create a new password for t he account when login via email to each user. Specific hyperlink is also provided that help visitors to change the passwords with a special warning message that the password reset process should be completed before the link expiration date for the safety:

“Be sure to complete the password reset soon, as the link will expire after some time. If the password reset link no longer works, you can resend a password reset email. We recommend you update your password from time to time to help ensure account security.”

Flipboard is not the only who has victimized of the data breach. Few month ago, the online service marketplace Wyzant was hacked leading to customers’ database on internet networks under the control of unknown hackers who can expose names, emails, zip codes as well as Facebook profile information.

What most important to make ensure that you’re never been victimized by the breach is that you should enable two factor authentication where possible.