Magazine-style news service Flipboard is notifying users of a months-long security vulnerability, which may have exposed account data to hackers.
Between June 2, 2018 and April 22 this year databases were hit by "unauthorized access," Flipboard said in an email to customers. The hackers may have "potentially" stolen information such as names, email addresses, and passwords, although the passwords were reportedly salted and hashed rather than saved in plain text.
Some users may have had Twitter and Facebook tokens exposed if they linked Flipboard with those services.
The company didn't say how many people may have been impacted. As a safeguard however it's notifying police, deleting any third-party tokens, and resetting all passwords, which may suggest widescale impact.
Flipboard was one of the first to seize on the potential of the iPad, and indeed for a long time the app was iPad-only. Although it now faces competition from a variety of sources, Apple News among them, Flipboard remains relatively unique in transforming RSS feeds into magazines, complete with graphics-heavy formatting and even "sections."
In 2018 CEO Mike McCue criticized Apple News for being limited and a "closed ecosystem," though Apple's service has evolved considerably since then.
5 Comments
I use Flipboard daily...several times a day actually. Twitter linked to it. I have not been contacted by Flipboard about the breach, which was going on for 9-10 months?!?!?!? Seriously Flip? WTF? Why am I finding out about this through AppleInsider and not directly from Flipboard???????
Info on deleting account here:
https://about.flipboard.com/help-center/
I received no communication from Flipboard, a failure almost as serious as the data breach itself.
I doubt anyone from Flipboard is reading this but the way they handled this reveals how little they care about their users’ privacy.
Pity. I wish I had known from the start.
I’m done with Flipboard. Bye bye.
Why is it still legal for user account information/personal details to be stored unencrypted??
Some of these tech execs need to be IN JAIL.
This is why you need to leave very little info about YOU on any site. Basic Login Name and password and that's it. But it needs to be a long random password that is only used at that site. If it's a important site, turn on 2-Factor. So even if they get they hands on your account into, without that second factor when they wouldn't have, you should still be safe.
I'm slowly changing my passwords over to long random ones that LastPass creates. At least 20 digits. But my Apple Account one was one I use at some other places. Well Someone was trying to gain access to my Apple account in CHINA!!! The 2nd factor popped up on my iphone which showed a small map and said China. There was the Allow/Deny Box. Of course I denied. I wasn't in China!!! I then updated my Password to a nice long one I have no hope of Remembering.
This is why you need a GOOD Password Manager. For me that is LastPass. It works on all my devices. If you ONLY live in Apple's world, then KeyChain works. It's pretty basic but it is FREE. LastPass has a lot of features and works great on iOS. Still, turn on 2-Factor for Apple, and your Bank, and your e-mail at least!!! If they gain access to your e-mail, well now they can do password recovery to most of your other sites to gain access.
LastPass works great on my iPhone Xs. I have FaceID turned on for it and so I can log into a site pretty quickly. Having LONG random passwords like "suY&3cF#qRTz*aWd%hy^" fir each site. Good luck figuring that one out. The only way, the site is hacked and they get your password that way. Which is why once again, 2-Factor is Important.
Is Flipboard not doing business in the EU? Because part of the GDPR is quickly reporting hacks!!! I believe there is a 72-hour breach notification requirement. If these company's care so little about security, I would drop them and never deal with them again.