Hackers Had Access To Flipboard User Information
Do you use the news aggregator service called Flipboard?
If so, be aware that the company has recently started notifying its user base that hackers breached their
network and had access to their internal systems for approximately nine months. If you haven't heard
from them yet, be on the lookout for an official communication from the company.
Although the investigation into the matter is still ongoing, what we know so far is that over a nine-month
period, an unknown hacker or hacking organization got past the company's digital defenses and gained
access to databases that housed customer information that included:
- User names
- Full names
- Hashed and salted passwords
- Email addresses
- Digital tokens that linked Flipboard profiles to accounts on third-party services
At this point, the total number of customer records that were compromised is unknown. The passwords
captured by the hackers were hashed and salted using the robust hashing algorithm 'bcrypt'.
However, it's still possible (although unlikely) that a determined hacking group could decrypt the
passwords. Given that, the company has decided to err on the side of caution and force reset all passwords.
So next time you log on, don't be surprised when you have to change yours.
Although the company says that there's no indication that the third-party tokens have been misused in
any way, the fact that they were exposed in the first place is still cause for alarm. In light of that, it
would be prudent to change your passwords on any site you've connected via these tokens, especially if
you're using the same password across multiple websites.
This last bit is of special importance, and if you are one of the legions of users still using the same
password across multiple websites you visit, it's well past time to break that habit.
