Another firm has fallen victim to a massive data breach. This time, it is the news aggregator app Flipboard that made it to the news in the wake of a cyber attack. Following the Flipboard data breach, the firm has taken security steps to contain the impact.
Flipboard Suffered Data Breach
Reportedly, the news aggregator site Flipboard faced a security incident that breached its users’ privacy. The firm disclosed the incident in a security notice on their website.
Explaining about the Flipboard data breach, the notice states that the firm detected unauthorized access to some of their databases on April 23, 2019. Following the discovery, they began investigating the matter that concluded to a security breach.
Findings from the investigation indicate an unauthorized person accessed and potentially obtained copies of certain databases containing Flipboard user information between June 2, 2018, and March 23, 2019, and April 21 – 22, 2019.
The kind of information exposed to the attacker from the databases includes usernames and password (hashed and salted). Flipboard explained that they ensure password protection via bcrypt hashing utility since March 14, 2012. Whereas, in case of users with passwords unchanged since this time, their passwords remained protected with SHA-1.
In the case of some Flipboard users, the breached information also included their email addresses and digital tokens if they have linked their accounts with social media profiles.
Nonetheless, they assured that Flipboard does not collect users’ data. Hence, the incident did not impact personal or sensitive information of the users.
Flipboard Resets Passwords Of All Users
Upon identifying the breach, Flipboard quickly implemented security measures to contain the attack. Though they haven’t shared many details about their steps due to ‘security reasons’. Also, the actual number of users impacted during the incident remains yet undetermined.
They have however notified law enforcement authorities as well as reset passwords of all 145 million users and replaced or deleted their digital tokens as a security measure. They have also notified the users of the incident via separate emails.
Anurag Kahol, CTO from Bitglass got in touch with LHN and added the following commentary:
“Unfortunately, people commonly reuse passwords across multiple accounts, which means if a cybercriminal gains access to one password, they can potentially gain access to various accounts for that individual across multiple services. Although Flipboard has reset millions of user passwords after hackers gained access to its systems, other accounts for those users could still be in jeopardy. Users would be wise to change their passwords not only for Flipboard, but across all accounts where that same password may be in. Additionally, they should avoid re-using passwords across different accounts altogether.
Organizations must simultaneously defend their data against leakage and authenticate their users in order to avoid breaches. Fortunately, security technologies like data loss prevention (DLP), multi-factor authentication (MFA), user and entity behavior analytics (UEBA), and encryption of data at rest can help ensure that enterprise data is truly safe.”
Take your time to comment on this article.
Latest posts by Abeerah Hashim (see all)
- Heroku PaaS Service Found Hosting Numerous Magecart Skimmers - December 6, 2019
- Google Patched Multiple Critical Vulnerabilities In Android With December Update - December 6, 2019
- US Data Center Provider CyrusOne Suffered Ransomware Attack - December 5, 2019