Data Breach

News aggregator Flipboard disclosed a data breach

The news aggregator Flipboard announced that it suffered a breach, unauthorized users had access to some databases storing user account information.

The news and social media aggregator Flipboard disclosed on Tuesday that it suffered a breach, unauthorized users had access to some databases storing user information.

Hackers had access to the company systems between June 2, 2018, and March 23, 2019, and again on April 21-22, 2019. On April 23, the internal staff noticed suspicious activity in its infrastructure.

“We recently identified unauthorized access to some of our databases containing certain Flipboard users’ account information, including account credentials,” reads the incident notice published by Flipboard. “In response to this discovery, we immediately launched an investigation and an external security firm was engaged to assist. Findings from the investigation indicate an unauthorized person accessed and potentially obtained copies of certain databases containing Flipboard user information between June 2, 2018 and March 23, 2019 and April 21 – 22, 2019.”

Flipboard have more than 145 million users and hackers have exfiltrated their data. Stolen records include names, usernames, password hashes, email addresses, and for some users digital tokens used to access Flipboard through third-party services.

Flipboard said that most of the passwords were hashed with bcrypt, while the passworts for users that have not logged into their account since March 14, 2012, were protected with SHA-1 hashing algorithm and uniquely salted.

Flipboard has not found any evidence the hackers accessed third-party accounts connected to users’ accounts, anyway as a precaution, the company replaced or deleted all digital tokens. At the time it is not clear the extent of the breach, anyway, the company forced a password reset for all its users.

The news aggregator pointed out that it does not collect users’ data, this means that the data breach did not expose sensitive data.

“Notably, Flipboard does not collect from users, and this incident did not involve, government issued IDs (such as Social Security numbers or driver’s license numbers), or payment card, bank account, or other financial information.” continues the security notice.

Flipboard reported the incident to the authorities and hired a security firm to help with the investigation.


If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter”

Thank you

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

U.S. CISA adds Trimble Cityworks flaw to its Known Exploited Vulnerabilities catalog<gwmw style="display:none;"></gwmw>

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trimble Cityworks vulnerability to its Known Exploited…

3 hours ago

Hospital Sisters Health System impacted 882,782 individuals

The cyberattack on Hospital Sisters Health System in 2023 compromised the personal information of 883,000…

7 hours ago

Attackers used a public ASP.NET machine to conduct ViewState code injection attacks

Microsoft researchers warn that threat actors are delivering the Godzilla framework using a static ASP.NET…

16 hours ago

U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Outlook, Sophos XG Firewall, and other flaws…

1 day ago

Cisco addressed two critical flaws in its Identity Services Engine (ISE)

Cisco addressed critical flaws in Identity Services Engine, preventing privilege escalation and system configuration changes.…

1 day ago

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain…

2 days ago

This website uses cookies.