Technology

Flipboard latest casualty to data breach scandals

This unauthorised person has been able to access Flipboard users’ information for over nine months

Tech Desk May 30, 2019

PHOTO: Mashable

Famous newsgathering app Flipboard becomes the latest victim to a data breach scandal. The company recently announced in a post that unauthorised access of some of its’ internal systems, containing Flipboard users’ personal data (account information and credentials) has been identified. This unauthorised person has been able to access Flipboard users’ information for over nine months and potentially create copies.

The number of users affected by the breach has not yet been discerned, but an investigation conducted by the company found that unauthorised access occurred between June 2018 and April 2019.

WhatsApp co-founder asks users to delete Facebook

The information that may have been accessed includes users’ names, Flipboard usernames and email address. Passwords, however, were cryptographically protected with an algorithm known as bcrypt, rendering them inaccessible to the unauthorised user. This algorithm functions by adding a salt (a unique, random set of characters) on top of the usual hashing of the password, which is scrambled to make it difficult to crack. Hence passwords are very tough to access, requiring significant computing power to do so.

However, passwords set prior to Mar 14, 2012, were hashed and salted with algorithm SHA-1, a function now long redundant in the world of modern internet security. Flipboard stated that irrespective, all user passwords have been changed as a result of the breach despite only a portion of users being affected by it.

The company further added that their internal database includes digital tokens which allow Flipboard itself and other third parties to connect, such as users linking Flipboard to external social media platforms like Facebook or Twitter. This would enable users to access content from third-party platforms (i.e. having the ability to read your Facebook or Twitter feed on Flipboard), and allow you to comment on/share articles from Flipboard. The company stated unauthorised access to third-party accounts had not been detected.

Man arrested by FIA for blackmailing girls on social media

"We have not found any evidence the unauthorized person accessed third-party account(s) connected to users' Flipboard accounts. As a precaution, we have replaced or deleted all digital tokens," the post read. “Importantly, we do not collect from users, and this incident did not involve Social Security numbers or other government-issued IDs, bank account, credit card, or other financial information," Flipboard confirmed that it had notified law enforcement of the incident, which was discovered on Apr 23. Users will be prompted to change their passwords the next time they log in, and some will have to reconnect to third-party services previously connected to Flipboard.

This article originally appeared on Mashable.