Flipboard is a popular online news service and mobile app that takes stories from various news sites around the web and puts them together in an aesthetically pleasing interface. Since it first hit the web, Flipboard’s popularity has grown to the point where it enjoys 150 million active users every month. Unfortunately, however, the last few days have been bad both for the app and its users as notices have been going out to tell users that Flipboard has been hacked and user data has been exposed.
There is good news and bad news for Flipboard users
Flipboard has released information on the data breaches it has suffered via a security note posted to its website. The note says, “We recently identified unauthorized access to some of our databases containing certain Flipboard users’ account information, including account credentials.” It goes on to say that following the discovery the Flipboard team launched an investigation, which revealed some telling information.
“Findings from the investigation indicate an unauthorized person accessed and potentially obtained copies of certain databases containing Flipboard user information between June 2, 2018 and March 23, 2019 and April 21 – 22, 2019.” Yes, you read that right, the hacker had access to certain Flipboard databases for nine months.
The security note also points out that not all Flipboard accounts have been compromised by the breach and that the company is still trying to determine just how many accounts have been compromised. There is some good news there but the uncertainty surrounding which accounts have been breached and which haven’t, is probably why Flipboard is prompting all users to reset their passwords.
The real good news, however, is that unlike with recent events at Facebook and Google, Flipboard had encrypted the vast majority of passwords it had stored on the breached database. Flipboard uses a strong password-hashing algorithm named bcrypt, which is widely regarded as being very difficult to break. The hacker may have been able to copy the database containing the sensitive user information, but there is good chance he/she won’t be able to access the data. Unfortunately, Flipboard also pointed out that passwords created or changed before March 14, 2012 were hashed using a weaker algorithm so may be easier to crack.
So, what should you do, if you have a Flipboard account?
As we’ve already pointed out, Flipboard is contacting users and prompting them to change their passwords. Follow the instructions it sends you and your account will be secure once again. The other thing to consider, however, is whether you’ve used the same password on Flipboard as you have on other accounts. This is the type of situation hackers dream of as it enables them to test the security credentials, they steal from one site on various other sites, too. Find out if any password you frequently use has been exposed here.
If you frequently use the same password, this is great time to reset all of your passwords. A password manager is the easiest and most secure way to do this. We recommend Last Pass – its free version offers multi-device support so you can use it to log in to sites on your computer and phone.
If you used Flipboard, but only signed in using your Google or social media accounts, Flipboard says you have nothing to worry about as it doesn’t store these credentials on internal databases. You will, however, have to log in again.
All this goes to remind you that you do need to take your online security seriously. A single breach can bring it all down like a house of cards if you’re using the same password across multiple accounts. That said, don’t wait. Act today, change your passwords and activate two-stage verification when possible, and stay safe online.
