Skip to main content

Flipboard hack prompts password reset for millions of users

Flipboard has been targeted by hackers, prompting the company to perform a password reset for its community of around 145 million users.

Upon learning of the hack, the Palo Alto, California-based social media and news aggregator informed law enforcement and also contacted an external security firm. Investigators confirmed that hackers had “accessed and potentially obtained copies of certain databases containing Flipboard user information” between June 2, 2018 and March 23, 2019, and also on April 21 and 22, 2019.

The stolen information extended to some users’ account information, including names, Flipboard usernames, cryptographically protected passwords, and email addresses.

Flipboard uses a technique called “salted hashing” to improve the security of users’ passwords, and the company confirmed that no passwords had been stored in plain text.

It said, however, that as a precautionary measure it had decided to reset all users’ passwords.

“When you access your Flipboard account from a new device, or the next time you log into Flipboard after logging out of your account, you will be asked to create a new password,” the company explained in a message on a special webpage offering updates on the security breach. If your original Flipboard password is the same for any other online services that you use, you’re urged to change it for those services, too.

The company added that if anyone connected their Flipboard account to a third-party account — including social media accounts — then the databases may have contained digital tokens for connecting their Flipboard account to that third-party account. The company said it hasn’t found any evidence of the hackers accessing any third-party account connected to users’ Flipboard accounts. But, erring on the side of caution, it has decided to replace or delete all digital tokens, meaning you’ll have to reconnect Flipboard to those services. Details on how to do so can be found on this Flipboard webpage, which also contains an extensive FAQ section related to the breach.

Flipboard said it’s still identifying precisely which user accounts were caught up in the hack. It was also keen to point out that it holds no information such as Social Security numbers, bank account, credit card, or other financial information, and therefore such data was not involved in the hack.

The company assured users that it has already implemented “enhanced security measures” to prevent a similar kind of incident from occurring in the future.

The incident is just the latest in a string of online security incidents that have come to light in recent months, with Facebook, 500px, and Quora among those targeted.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
In the age of ChatGPT, Macs are under malware assault
A person using a laptop with a set of code seen on the display.

It's common knowledge -- Macs are less prone to malware than their Windows counterparts. That still holds true today, but the rise of ChatGPT and other AI tools is challenging the status quo, with even the FBI warning of its far-reaching implications for cybersecurity.

That may be why software developer Macpaw launched its own cybersecurity division -- dubbed Moonlock -- specifically to fight Mac malware. We spoke to Oleg Stukalenko, Lead Product Manager at Moonlock, to find out whether Mac malware is on the rise, and if ChatGPT could give hackers a massive advantage over everyday users.
State-sponsored attacks

Read more
Hackers are using AI to create vicious malware, says FBI
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

The FBI has warned that hackers are running wild with generative artificial intelligence (AI) tools like ChatGPT, quickly creating malicious code and launching cybercrime sprees that would have taken far more effort in the past.

The FBI detailed its concerns on a call with journalists and explained that AI chatbots have fuelled all kinds of illicit activity, from scammers and fraudsters perfecting their techniques to terrorists consulting the tools on how to launch more damaging chemical attacks.

Read more
Ransomware attacks have spiked massively. Here’s how to stay safe
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

No one wants to fall victim to ransomware, but a new report from blockchain security firm Chainalysis claims that ransomware payments could be set for a record-breaking year, with criminals raking in close to half a billion dollars just seven months into 2023.

According to the analysis, ransomware payments this year have totaled $449.1 million so far. That’s $175.8 million more than this time last year, suggesting that hackers have doubled down on this method of extracting money from unfortunate victims.

Read more