Flipboard Hard-Resets Users’ Passwords After Discovering Zero-Day Vulnerability  

Earlier this week, Flipboard urged users to change their passwords, following the discovery of a zero-day vulnerability which allowed hackers to steal personal information.

In a blog post detailing the incident, Flipboard said the breach was used to copy the users’ email addresses and would also reveal their recent activity and real names.

Flipboard made assurances that the hackers were not able to access sensitive info such as social security number or credit card information since the website does not require its users to input this type of info.

Where does this leave us?

As you know, Flipboard is the leading news and stories aggregators on the Internet. Covering a large variety of topics, from politics to cybersecurity, this user-friendly platform customizes your experiences based on preferences. Pretty neat, especially if you’re tired of seeing your thread filled with stories that spark no interest.

Anyway, according to the aforementioned blog post, the issue, which prompted the company to reset all the passwords, appears to be going on for quite some time. In fact, the first intrusions happened somewhere between June the 2nd 2018 and March the 23rd 2019. A similar breach occurred in late April.

Despite no sensitive data being stolen, the company has notified the authorities and has even hired a private cybersecurity investigator in a bid to determine who was behind the attacks.

As for the accessed info, a company spokesperson declared that whoever breached the security network was able to see the users’ real names, locations, and their recent Flipboard activity.

Furthermore, the vulnerability also allowed them to see plain-text passwords and to copy thousands of email addresses from the company’s server.

Although not all users have been affected, the company decided to reset all passwords and to either delete or replace third-party accounts accessible via a digital token.

So, then next you’ll want to sign in to your Flipboard, you will be prompted to change your password. We would strongly recommend choosing a better one, although the urge to sticks with the former one is great.

What’s there to be done?

Unfortunately, there’s no way of telling for sure which email addressed leaked and which remained untouched. For safety reasons, you should refrain from opening any suspicious emails.

Obviously, the person or persons behind this attack is trying to build a database for future phishing attacks.

Another healthy security practice would be to tokenize the sign-in process.

Flipboard works with various third-party tokens such as BlockCerts. This adds an extra layer of security, making the account harder to break. If you haven’t done so already, you should consider downloading and using a token from now on.


This breach does not mean that you should go ahead and close your Flipboard account. However, this should be one of those call-to-actions that prompts us to pay more attention to cybersecurity.

Yes, it is a great time to be alive on the Internet, but this doesn’t mean that we should let out guard down.

What do you think about Flipboard’s announcement? Hit the comments section and let us know.

About Daniel Sadler

Old-school PC gamer, poetry buff, cat lover, tech wiz. His writing career began almost two decades ago when he modestly acknowledged that hindsight or, lack thereof, can compromise security. He enjoys spending quality time with his friends and family. Most of his friends refer to Daniel as a "man of a few words, but, man, what words!" His interests include cybersecurity, IT, blogging, and, of course, everything related to technology.

Leave a Reply

Your email address will not be published. Required fields are marked *