Flipboard Faces Data Breach, Users’ Accounts Compromised
Flipboard, a widely-used social sharing and news aggregation platform with a user base exceeding 150 million, has reported a significant data breach affecting its user accounts. The incident came to light following a public notification issued by the company, revealing that unauthorized access to its systems persisted for nearly ten months. The breach is said to have occurred between June 2, 2018, and March 23, 2019, with subsequent access discovered on April 21 and 22, 2019.
The attackers are believed to have obtained sensitive information from the breached databases, including users’ real names, usernames, cryptographically protected passwords, and email addresses. This data also encompasses digital tokens for users who had connected their Flipboard accounts with third-party social media services. As a precautionary measure, Flipboard has initiated a password reset for all affected accounts, requiring users to create new, stronger passwords upon their next login.
In a breach notification sent to users, Flipboard emphasized that logging in from an authorized device would remain accessible, but accessing the platform from a new device would prompt the password reset. The company has reported no evidence suggesting that any third-party accounts linked to users’ Flipboard profiles were breached, although it continues to ascertain the total number of users impacted by this incident.
To mitigate potential threats, all digital tokens associated with compromised accounts have been replaced or rendered invalid. This proactive step is crucial for protecting users’ linked accounts, as it eliminates the chance of token misuse. Despite the seriosity of the breach, Flipboard affirmed that the attack did not involve sensitive information such as government-issued IDs or financial details.
The scale of the breach and how the hackers executed it have not yet been fully detailed, with the company actively investigating both the methods used and any vulnerabilities exploited. Law enforcement has been notified as part of this ongoing inquiry. As users navigate their cybersecurity practices, Flipboard has advised altering any reused usernames and passwords across other platforms to enhance security.
This incident highlights the importance of maintaining robust cybersecurity measures and underscores the vulnerabilities that can exist even within reputable platforms. Expect considerable attention from cybersecurity experts regarding the attack techniques employed, with potential MITRE ATT&CK frameworks indicating tactics like initial access and privilege escalation may have played a role.