Flipboard Hack Exposed Usernames, Email Addresses and Hashed Passwords

[darkcompass]

I stopped using it a while ago.
Thanks for reminding me Flipboard - Account deleted.

 

[rhett7660]

Zite is still my all time favorite news aggregator but Flipboard is still an interesting read once in a while. Guess it's time to change my password.

You and me both... I tried Flipboard once they purchased Zite, but I found it not as pleasing and well cumbersome compared to what Zite offered. I haven't been back to Flipboard in quite some time.

 

[MisterSavage]

You and me both... I tried Flipboard once they purchased Zite, but I found it not as pleasing and well cumbersome compared to what Zite offered. I haven't been back to Flipboard in quite some time.

It still kills me that they killed Zite. It was so much better. Flipboard has a lot more competition now with Apple News and such in the picture now.

 

[npmacuser5]

While not excusing a breach, the reality is that security is multilayered and simply very hard. It’s a lot like keeping squirrels from bird feeders. The people looking to breach spend all their time and resources to breach but the security people can only do so much.

Factor in third party libraries with their own vulnerabilities, software vulnerabilities, hardware vulnerabilities, and human weaknesses to phishing and the like and the job is even harder.

After having dealt with various security stuff over the years, working with third parties in software scanning, pen testers, etc. I’ve realized that the odds are stacked perpetually against any company. There are more hackers out there with agendas, resources, and cleverness than there are people available to defend against them in every corporation. It’s the blessing and curse of the internet all at once.

Agree with your statements on the one side of the equation. Good points.

Security so important that it needs a level of attention in the business decision as let’s say funding. The issue up to today, security an afterthought. This needs to change.

If a company does not have the resources to keep security at the top of their priority list, then they should not be in a business connected to the internet. Cost of doing business.

We the people need to also support those companies that take security first with our Monies. Should be a top priority for us as well. Cost of doing business.

Finally, this Robin Hood cult attitude needs changing. Stiffer penalties and abilities to go find these bad folks no matter what rock they hide under.

 

[MacBH928]

While not excusing a breach, the reality is that security is multilayered and simply very hard. It’s a lot like keeping squirrels from bird feeders. The people looking to breach spend all their time and resources to breach but the security people can only do so much.

Factor in third party libraries with their own vulnerabilities, software vulnerabilities, hardware vulnerabilities, and human weaknesses to phishing and the like and the job is even harder.

After having dealt with various security stuff over the years, working with third parties in software scanning, pen testers, etc. I’ve realized that the odds are stacked perpetually against any company. There are more hackers out there with agendas, resources, and cleverness than there are people available to defend against them in every corporation. It’s the blessing and curse of the internet all at once.

this is why i am an advocate of going back to using paper for more sensitive stuff, if someone breached your email your whole life is in there. Conversations, medical, financial, business plans, travel history, resetting passwords, media files in storage, personal images, bills...you name it.

 

[rhett7660]

It still kills me that they killed Zite. It was so much better. Flipboard has a lot more competition now with Apple News and such in the picture now.

I agree! Zite was my go to iPad application. I used it daily, and on multiple occasions each day. It was my favorite app. Being able to send articles to almost any app I had on my iPad at the time, whether to read later of save was a sweet bonus.

 

[bchery21]

I use Flipboard all the time :/. Password changed.

 

[fairuz]

Auth0 ... "auth-zero"... (not to be confused with OAuth) wraps around OAuth and makes the process much, much simpler. It abstracts away the complexities of establishing OAuth connections with many services, as well as offering direct Username-Password authentication against its own database. I just starting working with their tech and it does make life a LOT easier. Great documentation, great library of SDKs. These guys are doing it right.

Well that's similar to Firebase, wrapping OAuth with their own auth as a service. I'm saying that shouldn't be necessary. The whole point of OAuth is making it easy to authenticate people with nothing but an OAuth provider, which should be easy to host. You know they've failed because people are wrapping their junk with something nicer like Auth0 or Firebase.

 

[Mahasamatman]

This does not stop until there are significant financial and potential criminal penalties for companies that have security breaches exposing customer data. It will be at that point that they start taking security seriously.

Well as a general approach that's not going to help anyone is it. Personally, while I'd prefer my information not to be leaked, as long as the holder has followed security best practices and has performed all the appropriate scans and checks of software they use, been diligent in patching and generally been a good citizen, I don't see that they should be punished for being hit by an unidentified exploit.

Of course there is some mileage for the converse to be true, be cavalier regarding security and use of access to data (FaceBook and Google I'm looking at you) then yes there should be definite recourse to law.

 

[keifer123]

Flipboard today emailed Flipboard users to let them know about a security breach that saw usernames, email addresses, and protected passwords accessed by hackers.

Between June 2, 2018 and April 22, 2019, there was "unauthorized access" to Flipboard databases that leaked account information. Flipboard says the hackers "potentially obtained copies" of some databases, and has not yet shared details on how many accounts were compromised.

Databases included Flipboard usernames, names, email addresses, and passwords, but the passwords were salted and hashed, which means they weren't stored in plaintext and would be difficult to crack.

Also included were digital tokens used to connect Flipboard to third party services like Twitter or Facebook, if users had indeed connected their Flipboard accounts to their social media networks.

Flipboard is resetting all user passwords and replacing or deleting all digital tokens. If you connected Flipboard to Facebook or Twitter, you will need to reconnect your accounts.

Flipboard says that to prevent something like this from happening again, it has implemented "enhanced security measures." Law enforcement officials have also been notified.

The company recommends that users who use the same username and password for Flipboard that they use for other accounts change their passwords for other services as a precautionary measure.

Article Link: Flipboard Hack Exposed Usernames, Email Addresses and Hashed Passwords

[doublepost=1559315593][/doublepost]This is disappointing but then I realized that i haven't been using my Flipp account for a while. One less thing to worry, so I deleted my Flipp account instead.

 

[Kram Sacul]

Flipboard couldn’t even put out an app for Windows Phone that actually flipped.

 

[DeepIn2U]

Who are the CTOs and engineers of these companies that decide they want to write their own authentication systems!? Companies need to start getting class action lawsuits for privacy violations and sued into oblivion... then they will start taking security seriously.

For very small startups I’d say younger coders like Zuck and many others originally did and yet over a decade later still loose database information of so many of their users.

Apple learned their lesson (iPhoto leaks of the most early on star users of the platform). Addis many others that didn’t survive.

I do agree with your statement.