Flipboard resets passwords of 145 million users after data breach exposed details

The databases in question included users' names, encrypted passwords and email addresses.

Flipboard has been targeted by hackers, prompting the popular news aggregator to reset passwords for its entire community of around 145 million users.

Flipboard announced in a post that it had identified unauthorised access of some of its internal systems, which contained some Flipboard users' account information and credentials.

For more than nine months, the alleged hacker had access to Flipboard's systems, potentially allowing access to obtain copies of databases which hosted users' information.

It's unclear yet how many users were affected by the breach, but an investigation commissioned by the company revealed that the breach occurred between 2 June 2018 and 23 March 2019 and also on 21-22 April.

The Flipboard app on an Android phone. Image: tech2

The Flipboard app on an Android phone. Image: tech2

While the information on these databases included their name, Flipboard username, and email address, the passwords were protected via an encryption algorithm called bcrypt.

Explaining the effectiveness of this algorithm, Flipboard states that bcrypt adds a unique, random set of characters called a salt, on top of the usual hashing of the password. This scrambles the password to make it difficult to figure out, in turn, making it very tough to crack, requiring significant computing power to do so.

The hacks also exposed account tokens, which essentially allows Flipboard access to data from accounts on third-party services, like Facebook, Google, and Samsung.

“We have not found any evidence the unauthorized person accessed third-party account(s) connected to users’ Flipboard accounts,” said the statement. “As a precaution, we have replaced or deleted all digital tokens.”

"Importantly, we do not collect from users, and this incident did not involve Social Security numbers or other government-issued IDs, bank account, credit card, or other financial information," the company mentioned.

Flipboard, in the post mentions that it has already notified law enforcement of the incident and that users will be prompted to change their password, the next time they login. Some users will also be prompted to reconnect to third-party services which were previously linked to their Flipboard account.

Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.