Security Alert! Flipboard warns users about leak in your database

News app that recently won the Apple News competition , Flipboard went through trouble recently. According to the app, in a statement sent by email to its users, the database was invaded by an unauthorized person on two occasions: between June 2, 2018 and March 23, 2019, and between 21 and 22 April 2019.

After identifying the user, the Flipboard team immediately initiated an investigation with the help of an outside security company who found the attacker and found that he had obtained copies of specific databases that contain information from users of the application. This database contains name, username on Flipboard, email address and encrypted password.

Check out the Ad before further reading

In the statement, Flipboard stated that passwords are encrypted and protected by a technique known as "salted hashing" (encryption by adding a random value, called salt, to the password, by means of a notation). The advantage of this technique is that it eliminates the need to save keywords in plain text.

The use of a unique salt for each password, in addition to the hashing algorithms, makes it more difficult to discover encrypted passwords, with the need to use large technological resources. Passwords created or changed after March 14, 2012 have the function bcrypt. Those created or altered before that are protected by the addition of salt.

Many users of the app link their data to third-party accounts, such as social networks and Google. Regarding this type of access, Flipboard did not find any evidence that the unauthorized person accessed any third party account linked to the Flipboard accounts. As a precaution, the app team deleted all digital tokens.

Check out the Ad before further reading

"You can continue using Flipboard, you do not have to do anything else. However, the next time you sign in, you'll see that the password for your Flipboard account needs to be updated. Our support page (link below) contains instructions that explain how to create a new password. Also, if you use the same username and password you created on Flipboard in other online services, we also recommend changing the password for those other services.  If you've linked your Flipboard account to a third-party account to see your content, you may find that in some cases you'll need to re-link your account. Our support page also contains instructions that explain how to do this. "

Flipboard, in a statement sent to its user base, by e-mail.

Practical Action Taken by the Company

In the statement, Flipboard claims that all users' passwords have been reset, even those with cryptographic protection, without affecting the account information of all users. In case of new accesses, the system will ask you to create a new password. In addition, the tokens used to connect to all third-party accounts have been unlinked and replaced.

To lessen the possibility of other similar events happening in the future, security measures have been implementedbe improved, and the application has notified the appropriate authorities.

Post a Comment