The company based in Palo Alto, California named Flipboard in 2010 has rapidly gained popularity and gathered over 150 million monthly users. Yet, it seems that its good reputation is about to be affected after the online magazine platform has admitted having been hacked twice which has led to the exposure of it user’s data. Flipboard warns its users that the data have most likely been stolen by the hackers, so the company was forced to reset its entire user database’s passwords to provide their users with security after the data breach.
First of all, the company wanted to ensure its users that there is nothing they should worry about regarding the data breach as the platform does not gather any other user data apart from name and username. Thus, Flipboard states that the damages of the hacks were limited and cannot result in any more worrying events.
The engineering team of Flipboard reported having identified
the first hack which targeted the company on 23rd of April this
year. The unauthorized activity has been identified within the platform’s
system since 21st of April and the team has claimed that the results
of the hack could be copies made by the hacker of information such as user
database from the time frame of 2nd of June 2018 to 23rd of
March 2019.
Yet, it seems that there have been attempts for hacking
earlier before than 23rd of April as the team has originally
identified suspicious and unauthorized activity on March 23, 2019. The company
has been asked to determine whether the situation actually implies two separate
breaches instead of the single one they have confirmed on 23rd of
April but Flipboard did not initially respond to the question.
As the hacks occurred, the company has confirmed that the
data breach has exposed information regarding user names, email addresses, and
passwords. The platform had to take greater initiatives in protecting their
user database so Flipboard has initiated a complete password reset on the platform
for each of its users thus, each user will be required to set up a new password
when they log into the platform again.
Another severe measure that the company had to take after
the data breach was to replace all of the digital tokens that are normally
created when users log into its platform via a third party application. Digital
tokens appear as a result of the connection made by the logging in the process
to establish a unique connection between the social media accounts of the users
of the platform and their accounts on Flipboard.
Flipboard claims that the unauthorized activity within the
service may have occurred through a third-party account that was linked to the
Flipboard account. A user of the platform may have given permission to the
unauthorized person to view or make changes on the account and also have access
to information such as user name, profile information or posts existing on the
site. Moreover, the company believes that this access that has been given to
the hacker might have also allowed changes and actions within the service such
as inviting new users to connect.
The company stated that it aims to eliminate any potential risks for future hacks and that severe measures are taken to enhance security measures and strengthen the security of its systems. Moreover, Flipboard wants the platform’s users to know that the company has notified law enforcement about the last series of events regarding the unauthorized activity that targeted its service.