News and social media aggregator Flipboard reset all users’ passwords after discovering a security incident that might have affected some of their data.
On 28 May, the company revealed that its engineering team had recently detected suspicious activity in the network environment where its databases reside. Flipboard responded by launching an investigation and engaging an external digital forensics firm to help it find out what had happened. This effort uncovered that an unauthorized individual had accessed and potentially copied some databases between 2 June 2018 and 23 March 2019 as well as 21-22 April 2019.
In the process, that party might have exposed some users’ account information including their name, username, bcrypt-hashed password, email address and digital tokens if those affected individuals had at one time connected their Flipboard profile to a social media account. The incident did not compromise victims’ Social Security Numbers or banking information, however.
Although the incident might have involved just some users’ cryptographically protected passwords, Flipboard decided to reset all users’ passwords out of an abundance of caution. This means that all users will receive a prompt asking them to create a new password when they next attempt to log into their accounts. To complete this step, users should refer to these experts’ advice on how to create a strong password for each of their web accounts.
The news aggregator also deleted or replaced all affected digital tokens, so users will most likely need to reconnect these third-party accounts, if they so wish.
Flipboard’s response didn’t end there. As it explained in a statement posted to its website:
Additionally, to help prevent something like this from happening in the future, we implemented enhanced security measures and continue to look for additional ways to strengthen the security of our systems. We also notified law enforcement.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/flipboard-resets-users-passwords-after-discovering-security-incident/