The news and social media aggregator Flipboard disclosed on Tuesday that it suffered a breach, unauthorized users had access to some databases storing user information.
Hackers had access to the company systems between June 2, 2018, and March 23, 2019, and again on April 21-22, 2019. On April 23, the internal staff noticed suspicious activity in its infrastructure.
“We recently identified unauthorized access to some of our databases containing certain Flipboard users’ account information, including account credentials,” reads the incident notice published by Flipboard. “In response to this discovery, we immediately launched an investigation and an external security firm was engaged to assist. Findings from the investigation indicate an unauthorized person accessed and potentially obtained copies of certain databases containing Flipboard user information between June 2, 2018 and March 23, 2019 and April 21 – 22, 2019.”
Flipboard have more than 145 million users and hackers have exfiltrated their data. Stolen records include names, usernames, password hashes, email addresses, and for some users digital tokens used to access Flipboard through third-party services.
Flipboard said that most of the passwords were hashed with bcrypt, while the passworts for users that have not logged into their account since March 14, 2012, were protected with SHA-1 hashing algorithm and uniquely salted.
Flipboard has not found any evidence the hackers accessed third-party accounts connected to users’ accounts, anyway as a precaution, the company replaced or deleted all digital tokens. At the time it is not clear the extent of the breach, anyway, the company forced a password reset for all its users.
The news aggregator pointed out that it does not collect users’ data, this means that the data breach did not expose sensitive data.
“Notably, Flipboard does not collect from users, and this incident did not involve, government issued IDs (such as Social Security numbers or driver’s license numbers), or payment card, bank account, or other financial information.” continues the security notice.
Flipboard reported the incident to the authorities and hired a security firm to help with the investigation.
Thank you
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, data breach)
[adrotate banner=”5″]
[adrotate banner=”13″]
Fortinet disclosed a data breach after a threat actor claimed the theft of 440GB of…
U.K. police arrested a 17-year-old teenager allegedly linked to the cyberattack on London's public transportation…
The Singapore Police Force (SPF) has arrested six individuals for their role in the operations…
Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary…
Highline Public Schools, a school district in Washington state, remains closed following a cyberattack that…
Researchers observed the RansomHub ransomware group using the TDSSKiller tool to disable endpoint detection and…
This website uses cookies.