Flipboard Says Hackers Stole User Details

Flipboard, a news aggregator service and mobile news app, notified users this week of a security incident during which hackers had access to internal systems for more than nine months. From a report: In a series of emails seen by ZDNet that the company sent out to impacted users, Flipboard said hackers gained access to databases the company was using to store customer information. Flipboard said these databases stored information such as Flipboard usernames, hashed and uniquely salted passwords, and in some cases, emails or digital tokens that linked Flipboard profiles to accounts on third-party services. The good news appears to be that the vast majority of passwords were hashed with a strong password-hashing algorithm named bcrypt, currently considered very hard to crack.

But what the hell is it?

[Gravis Zero]

Flipboard is a news aggregator and social network aggregation company based in Palo Alto, California, with offices in New York, Vancouver and Bejiing. Its software, also known as Flipboard, was first released in July 2010.

Was that too much to include in the summary?

Re: But what the hell is it?

[Anonymous Coward]

It's bloatware that shipped with previous Samsung Galaxy phones that you couldn't disable and would constantly swipe to by accident.

Re:

[Waffle Iron]

It's bloatware that shipped with previous Samsung Galaxy phones that you couldn't disable and would constantly swipe to by accident.

I mainly remember it as the most prominent piece of shovelware on my first smartphone. I think that I finally got it out of my face, but it took some research.

I'm kind of surprised that it's still around, or that anybody would actually set up an account with it.

Aren't you saying some passwords plaintext?

[SuperKendall]

The good news appears to be that the vast majority of passwords were hashed with a strong password-hashing algorithm

Is it not pretty bad news that some of them were *not* hashed with a strong algorithm?

In fact doesn't this kind of imply some of what was captured were completely unhashed passwords, which is very bad indeed?

After all there's no reason a company would be using multiple kinds of hashing, so if a password was not hashed using the strong algorithm, that would make me think at that point of captur

Your theory does not check out

[SuperKendall]

Or maybe they used a non-bcrypt algorithm early on for their earliest users, but switched to bcrypt for later users.

Maybe, but don't you think that seems rather unlikely given the timeframe? Flipboard had been around for some time by then, why would they make a change like that late in existence... more on this later as there is a much bigger problem with your theory.

It's even stupider that you'd assume that not using bcrypt automatically means that the passwords were stored in plaintext.

To put this much

Re:

[jrumney]

Not completely unhashed. According to the mail they sent out, if you didn't change your password since March 2012, it will be hashed as SHA-1 instead of bcrypt.

Samsung

[ledow]

Cool.

Now can someone uninstall the fecking thing from my Samsung phone?

Apparently, because of Samsung, it just always gets forcibly reinstalled from the Play Store and the factory-version is permanently on there.

I have literally never even loaded it. I only know the name because it's forcibly installed and I don't even care what it is.

I only wish this phone was properly rootable but it's a bit niche (EU 4G version of the S5 Mini). The S4 Mini I used to have runs LineageOS perfectly without all the crap.

Flipboard!

[Bobrick]

I remember installing this... and uninstalling it 5 minutes later. I don't get how this is better than getting your news literally any other way.

Re:

[jrumney]

The original iPad only version was quite nice, like reading a real magazine. When they decided to chase marketshare to satisfy the investors and dumbed it down to run on small screens, it became just another RSS reader.