Flipboard Hack Exposed Usernames, Email Addresses and Hashed Passwords

MacRumors

macrumors bot
Original poster
Apr 12, 2001
7,410
8,484



Flipboard today emailed Flipboard users to let them know about a security breach that saw usernames, email addresses, and protected passwords accessed by hackers.

Between June 2, 2018 and April 22, 2019, there was "unauthorized access" to Flipboard databases that leaked account information. Flipboard says the hackers "potentially obtained copies" of some databases, and has not yet shared details on how many accounts were compromised.


Databases included Flipboard usernames, names, email addresses, and passwords, but the passwords were salted and hashed, which means they weren't stored in plaintext and would be difficult to crack.

Also included were digital tokens used to connect Flipboard to third party services like Twitter or Facebook, if users had indeed connected their Flipboard accounts to their social media networks.

Flipboard is resetting all user passwords and replacing or deleting all digital tokens. If you connected Flipboard to Facebook or Twitter, you will need to reconnect your accounts.

Flipboard says that to prevent something like this from happening again, it has implemented "enhanced security measures." Law enforcement officials have also been notified.

The company recommends that users who use the same username and password for Flipboard that they use for other accounts change their passwords for other services as a precautionary measure.

Article Link: Flipboard Hack Exposed Usernames, Email Addresses and Hashed Passwords
 

chelsel

macrumors 6502
May 24, 2007
422
147
Who are the CTOs and engineers of these companies that decide they want to write their own authentication systems!? Companies need to start getting class action lawsuits for privacy violations and sued into oblivion... then they will start taking security seriously.
 

nwcs

macrumors 68000
Sep 21, 2009
1,795
2,244
Tennessee
While not excusing a breach, the reality is that security is multilayered and simply very hard. It’s a lot like keeping squirrels from bird feeders. The people looking to breach spend all their time and resources to breach but the security people can only do so much.

Factor in third party libraries with their own vulnerabilities, software vulnerabilities, hardware vulnerabilities, and human weaknesses to phishing and the like and the job is even harder.

After having dealt with various security stuff over the years, working with third parties in software scanning, pen testers, etc. I’ve realized that the odds are stacked perpetually against any company. There are more hackers out there with agendas, resources, and cleverness than there are people available to defend against them in every corporation. It’s the blessing and curse of the internet all at once.
 

sunapple

macrumors 68000
Jul 16, 2013
1,861
2,688
The Netherlands
Flipboard... I remember that name from when I had my first iPad in 2010, it was one of the first big iPad apps if I’m correct. No idea it still existed.

Hope they don’t still have my data (no, I’m not using that password anymore :p).
 

burgman

macrumors 68000
Sep 24, 2013
1,971
1,378
The bad news keeps coming from social media sites that do a poor job in protecting their networks.
I’ve never even heard of flipboard.. but then again I’ve never even had a FB account so that’s how little I give a flyin f about social media/
Thanks for the laugh, because it starts with an F it must be Facebook clone? Flipboard is a curated news app. :)
 

edgonzalez32

macrumors 6502
Jul 21, 2011
339
390
While not excusing a breach, the reality is that security is multilayered and simply very hard. It’s a lot like keeping squirrels from bird feeders. The people looking to breach spend all their time and resources to breach but the security people can only do so much.

Factor in third party libraries with their own vulnerabilities, software vulnerabilities, hardware vulnerabilities, and human weaknesses to phishing and the like and the job is even harder.

After having dealt with various security stuff over the years, working with third parties in software scanning, pen testers, etc. I’ve realized that the odds are stacked perpetually against any company. There are more hackers out there with agendas, resources, and cleverness than there are people available to defend against them in every corporation. It’s the blessing and curse of the internet all at once.
Yea, like people are way too quick to just start ******** all over a company when a data breach happens. Its insanely complex.
 

rk-apple

macrumors newbie
May 4, 2015
21
60
Who are the CTOs and engineers of these companies that decide they want to write their own authentication systems!? Companies need to start getting class action lawsuits for privacy violations and sued into oblivion... then they will start taking security seriously.
Really hard to demonstrate harm in a lawsuit. If my identity gets stolen, how am I going to know that it was due to the Flipboard hack, or some other hack of some other database I used. Makes it difficult for a lawsuit to go forward on that basis.

What we need are laws saying that if a company gets hacked, they have to pay a fine commensurate with the amount and type of data stolen, regardless if users were harmed or not. Then companies would be incentivized to have better security.
 

calzon65

macrumors 6502a
Jul 16, 2008
723
2,213
In the "old days" accessing company or government records usually required physical access (i.e.., James Bond had to break into the building and crack the safe), but with today's computerized records and networked systems (the Internet), security breaches have become all too common ... and will probably remain that way for a very long time.
 
  • Like
Reactions: Stars&Stripes

MisterSavage

macrumors 68000
Nov 10, 2018
1,533
1,237
Zite is still my all time favorite news aggregator but Flipboard is still an interesting read once in a while. Guess it's time to change my password.
 
  • Like
Reactions: rhett7660

code-m

macrumors 68000
Apr 13, 2006
1,562
1,222
Flipboard... I remember that name from when I had my first iPad in 2010, it was one of the first big iPad apps if I’m correct. No idea it still existed.

Hope they don’t still have my data (no, I’m not using that password anymore :p).
Used the free version a long time ago, not losing any sleep here.
 

thisisnotmyname

macrumors 68000
Oct 22, 2014
1,949
4,227
known but velocity indeterminate
Every site can be compromised with enough time and effort. At least passwords were hashed. Best for everyone to segment accounts to minimize damage when the site/service you use is eventually compromised. Not advocating that security doesn't matter, just advocating pragmatism in minimizing damage when security fails as it will.
 
  • Like
Reactions: Cartoonkid

cajun67

macrumors regular
Aug 29, 2011
155
215
Flipboard is a news aggregator and a social media wannabe.

I occasionally still use Flipboard, though honestly, I find Twitter to be a lot more useful for staying up-to-the-minute.

There are very few sites I allow to connect through FB. I still go through the extra trouble to register separately. And this scenario is exactly why it's worth the trouble. Hackers may have gotten my login, but it won't do them any good anywhere else.
 

MisterSavage

macrumors 68000
Nov 10, 2018
1,533
1,237
Flipboard is a news aggregator and a social media wannabe.

I occasionally still use Flipboard, though honestly, I find Twitter to be a lot more useful for staying up-to-the-minute.

There are very few sites I allow to connect through FB. I still go through the extra trouble to register separately. And this scenario is exactly why it's worth the trouble. Hackers may have gotten my login, but it won't do them any good anywhere else.
Agreed. I don't have Flipboard tied to anywhere either. By voting like/dislike on stories it's gotten to where Flipboard provides me with some good info once in a while.
 

doctor-don

macrumors 68000
Dec 26, 2008
1,536
290
Georgia USA
Thanks for the laugh, because it starts with an F it must be Facebook clone? Flipboard is a curated news app. :)
His POINT - as is MINE - was that some folks have NO interest in those apps. Especially in light of the hacking of accounts that has been ongoing for several years, it's good that people stay away from them. I have not one anti-social media account.
 
  • Like
Reactions: macpeach55

Fixey

macrumors regular
May 16, 2017
165
145
If they have taken time to hash the passwords and used a high level of hash then it will make it very difficult for anyone to find what the password was, but not impossible just dan hard.

If they have used week or no hash then they have access to all the passwords but only an idiot would create a database of passwords and store them as plain text right well perhaps some Facebook are not as dum as you. Yes Facebook you have you sorted your plain text passwords database out yet .
 

nouveau_redneck

macrumors 6502a
Sep 16, 2017
551
851
This does not stop until there are significant financial and potential criminal penalties for companies that have security breaches exposing customer data. It will be at that point that they start taking security seriously.
 

jonblatho

macrumors 65816
Jan 20, 2014
1,322
3,277
Missouri
His POINT - as is MINE - was that some folks have NO interest in those apps. Especially in light of the hacking of accounts that has been ongoing for several years, it's good that people stay away from them. I have not one anti-social media account.
Flipboard isn’t a social network, but don’t let that stop you from getting on your soapbox, I guess.
 

Enclavean

macrumors regular
Jun 14, 2018
206
1,618
His POINT - as is MINE - was that some folks have NO interest in those apps. Especially in light of the hacking of accounts that has been ongoing for several years, it's good that people stay away from them. I have not one anti-social media account.
Define "those apps"? Even iCloud is closer to a social media than flipboard so I assume your phone has literally 0 apps installed?
 
  • Like
Reactions: YaBe