Flipboard changes all user passwords after ‘security incident’ exposes account info

flipboard logo

If you’re a Flipboard user, you should probably log in today and change your password.

The popular news aggregation service this week “identified unauthorised access” to databases that hold users’ account information and credentials.

The service noted that the data was exposed within two separate periods; nearly a year between June 2018 and March 2019, and for two days in April 2019.

“The databases involved contained some of our users’ account information, including name, Flipboard username, cryptographically protected password and email address,” the service added in its report.

“Cryptographically protected password” is important here. It means that passwords saved on Flipboard’s servers were not available in plain, readable, easily-exploitable text. That would’ve been a disaster, especially considering the accompanying account info, like email addresses, was also visible.

More worrying, however, is this sentence: “if users connected their Flipboard account to a third-party account, including social media accounts, then the databases may have contained digital tokens used to connect their Flipboard account to that third-party account”.

That said, the service has deleted all of its digital tokens as a precaution despite it finding no proof of unauthorised access to these tokens. Users will have to reconnect

All users’ passwords have been reset though. It it would be a good idea to log in today, and tweak your password accordingly.

“We deeply regret this incident happened,” the service concluded.

Feature image: Flipboard

Andy Walker, former editor


Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Memeburn

Sign up to our newsletter to get the latest in digital insights.