Another day, another data breach. This time, news aggregator website Flipboard is the latest victim of two separate hacks.
In with a bang, out with a bang. That’s one way to describe the month of May from the perspective of breaches and leaks. First, it was CityComp that suffered a data breach where half a terabyte of data was exposed. Companies like Porsche, Oracle, Toshiba and BT are among the companies affected.
Some time later, another breach of unknown origin hit nearly 40% of the entire population of Australia. After that, StackOverflow got hit with a data breach of unknown scope. After that, Instagram got hit with a data breach with 49 million users exposed via Chatrbox. Finally, just yesterday, we brought you word of another breach hitting Canva where a whopping 139 million users were exposed.
Now, there is potentially another big breach to report on. News aggregator site Flipboard is the latest victim. According to TechRadar, the site was hit by not one, but two “extensive” breaches. From the report:
News aggregator service and mobile news app Flipboard has begun notifying users of a data breach in which hackers had access to its internal systems for over nine months.
The company informed users of the breach in a series of emails in which it explained that hackers had gained access to the databases it uses to store customer information.
According to Flipboard, these databases contained information such as usernames, hashed passwords and in some cases, emails or digital tokens that linked user’s profiles to third-party services.
Thankfully though, the vast majority of passwords were protected by a strong password-hashing algorithm called bcrypt which is known for being difficult to crack. However, if a user failed to change their password since 2012, then it is was hashed using the weaker SHA-1 algorithm.
Overall though, the breach appears to be quite extensive and according to the company, hackers had access to its internal systems for almost nine months. They first gained access from June 2, 2018 until March 23, 2019 and then once again infiltrated the company’s systems again between April 21 and April 22, 2019.
The scope of the breach is unclear in the article, but in a different article published by Forbes, up to 150 million users could have been exposed:
Flipboard, the hugely popular news aggregation app that is used by 150 million people each month, has been hacked. Twice. According to a security notice posted by Flipboard, what it calls “unauthorized access” to databases took place between June 2, 2018 and March 23, 2019 as well as April 21, 2019 and April 22, 2019. The hacker is confirmed as having “potentially obtained copies of certain databases containing Flipboard user information.”
So, it seems that the saga of continuous breaches is still going. What is somewhat unnerving to see is that the sizes of these breaches seems to be gradually expanding. Before, a 100 million record breach was an exceptionally large breach that just doesn’t happen that often. Now, we see the possibility of at least two this month alone. If it’s not just our imagination that the size of these breaches are growing in the last few years, this is not a good trend to be having.
Drew Wilson on Twitter: @icecube85 and Facebook.