Sponsored Links

Flipboard breach exposed usernames and passwords

The social news app has reset all its users' passwords.
Mariella Moon
Mariella Moon|@mariella_moon|May 29, 2019 10:42 AM

If you get a password reset request from Flipboard next time you log in, don't worry -- it's not just you. The social news aggregator has revealed that an unauthorized party infiltrated some of its databases more than once and "potentially obtained copies" of the user information they contained. The unauthorized activities took place between June 2nd, 2018 and March 23rd, 2019, as well as between April 21st and 22nd, 2019. While the security breaches didn't affect all its users, Flipboard has chosen to roll out password resets to all its 145 million accounts as a precautionary measure.

The user details stored in the databases the hacker broke into include people's usernames, email addresses and passwords. Thankfully, those passwords are salted and hashed -- in other words, they weren't kept in an easily readable plain text format -- though older ones that haven't been updated since March 2012 are protected by a weaker encryption technology.

The databases also contained digital tokens used to connect people's accounts with third-party websites and social media platforms like Facebook. While the company says it didn't find evidence the tokens were used to break into the accounts users connected with their Flipboard profiles, it replaced and deleted all those tokens nonetheless.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

Unfortunately, Flipboard still isn't done with its investigation and has yet to reveal the total number of compromised accounts. You may want to change your passwords anyway, just to be safe.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
Flipboard breach exposed usernames and passwords