Skip to main content

News aggregator app Flipboard hacked; user data stolen



Hackers managed to breach Flipboard’s security for sensitive database multiple times putting millions of users at risk.

Just yesterday, it was reported that the online graphic-design tool website Canva had suffered a massive data breach in which a hacker stole over 139 million accounts of registered users. Now, the highly popular social sharing and news aggregation app Flipboard has been hacked not once but twice in a limited timeframe, as per the security notice published by the company.
According to Flipboard, its databases were accessed between 2 June, 2018 and 23 March, 2019 and 21 April 2019 and 22 April, 2019 during which the hacker managed to obtain copies of databases containing Flipboard’s user information.
Flipboard has a huge following with more than 150 million people accessing it every month. The company claims that the hackers downloaded the databases, which contained not only usernames and salted hash (cryptologically protected or encrypted) passwords but real names, email IDs, digital tokens that registered members use to connect to their Flipboard account via a social media platform were also hacked.
Currently, Flipboard hasn’t clarified the number of users affected by this prolonged data breach, which lasted roughly ten months. The company further explained that the passwords that were changed or created prior to 14 March, 2012 were protected by a relatively weak SHA-1 algorithm. The passwords changed/created after this date were cryptologically protected using the reliable bcrypt hashing protocol.
The affected users have been sent breach notification via emails and Flipboard has also reset the passwords for all of its users to be on the safe side. Users are also urged to select stronger passwords to keep their accounts secure.
In its official statement after disclosing the breach, Flipboard notified its users that:
“You can continue to use Flipboard on devices from which you are already logged in. When you access your Flipboard account from a new device or the next time you log into Flipboard after logging out of your account, you will be asked to create a new password.”
Users who connect to Flipboard using their social media accounts such as GoogleFacebook, or Twitter, can continue using them without any concern because Flipboard doesn’t store the passwords for third-party platforms in its database and instead offers digital tokens.
It is noteworthy that the intrusion was detected a day after the second hack took place, that is, on 23 April, 2019 when “suspicious activity” was identified at the location where the database was stored. Law enforcement agencies have also been notified about the hack attack.

Comments

Post a Comment

Popular posts from this blog

List Of Sql Infected Sites-HACKEREAD

SQL injection  is a  code injection  technique, used to  attack  data-driven applications, in which malicious  SQL  statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).  SQL injection must exploit a  security vulnerability  in an application's software, for example, when user input is either incorrectly filtered for  string literal   escape characters  embedded in SQL statements or user input is not  strongly typed  and unexpectedly executed. SQL injection is mostly known as an attack  vector  for websites but can be used to attack any type of SQL database. List of SQL Infected sites:  http://www.genhound.co.uk/source.php?id=477 http://www.lcoastpress.com/journal.php?id=8 http://www.travellers-tales.co.uk/travelJournal.php?id=42 http://www.arrowvalves.co.uk/content.php?id=8 http://www.reaplasrack.co.uk/content.php?id=129 http://www.arrowval...
Post a Comment
Read more

Google dork list for XSS (Cross- site scripting)-2020

GOOGLE DORK LIST FOR Cross-site scripting -2020 Google Dorks  its also known as google query ,List “Google Hacking” is mainly referred to pull the sensitive information from Google using advanced search terms that help users to search the index of a specific website, specific file type and some interesting information from unsecured Websites. Google Dorks list  2020 can uncover some incredible information such as email addresses and lists, login credentials, sensitive files, website vulnerabilities, and even financial information (e.g. payment card data). Here you can see an example to understand how  Google Darks   password  used by hackers to gain sensitive information from specific websites. You can also use for Exploit DB site to give you according to you Search state. https://www.exploit-db.com/ “ inurl: domain/ ” “ additional dorks A hacker would simply use in the desired parameters as follows: inurl = the URL of a site you want...
Post a Comment
Read more

Popular Android Zombie game phish users to steal Gmail credentials

The app made its way to Google Play Store was also found phishing users for Facebook credentials. Scary Granny ZOMBY Mod: The Horror Game 2019 is the latest game on Google Play Store that is condemned by the digital security fraternity for sneakily stealing personal data from unsuspecting users. The game, which has been downloaded for over 50,000 times, was available for Android devices making Android users its primary target. The malicious app attempts to collect sensitive information such as Facebook and Gmail login credentials. The malicious activities of Scary Granny ZOMBY Mod were detected by the mobile security firm Wandera. The company found out that the app asks users to enter their Gmail or other Google account credentials, which are then used for collecting private data of the user by hijacking the account –  All of this happens, unsurprisingly, without alerting the user. Gmail phishing page on the supposed gaming app (Screenshot: Wandera) Rese...
Post a Comment
Read more