Flipboard revealed that an “unauthorized party” accessed its database between June 2, 2018 and March 23, 2019, as well as between April 21-22, 2019.
Flipboard Data Breach
The databases that were accessed included usernames, email addresses, and passwords. There is a silver lining though: The passwords were stored in a secure manner using SHA-1 and not in plain text. However, older passwords that haven’t been updated since March 2012 were secured using bcrypt, a weaker form of encryption.
Additionally, if users connected third party accounts, like social media, to their Flipboard account, the databases may have contained digital tokens, which have since been replaced or deleted by Flipboard. The company hasn’t disclosed how many users were affected, but as a precaution reset all 145 million of its users’ passwords.
Further Reading:
[G Suite Passwords Stored in Plaintext Since 2005]
[How to Use macOS Keychain Access to Beef up iCloud Keychain]