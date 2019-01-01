from the another-day-another-hack...-hack-a-day? dept.
Flipboard Database Hacks Exposed Users' Account Information:
News aggregator app Flipboard said Tuesday it fell victim to hacks that exposed and possibly allowed users' account information to be copied for about nine months.
The information revealed in the hack includes users' names, Flipboard user names, encrypted passwords and email address, according to Flipboard. No Social Security numbers, credit card information or other financial data was revealed, as the app doesn't collect that information.
"As a precaution, we have reset all users' passwords, even though the passwords were cryptographically protected and not all users' account information was involved," Flipboard said in an FAQ. Users will have to create a new password the next time they try to log in to their account.
Additionally, all digital tokens used to connect to third-party accounts have been replaced or deleted to prevent misuse, the company said.
[...] The company said in April 2018 it had 145 million monthly users.
(Score: 0) by Anonymous Coward on Friday May 31, @04:31AM (3 children)
Encrypted passwords? They should be hashed and salted, never encrypted. What's next, pinky swears in the Terms of Service?
(Score: 3, Touché) by FatPhil on Friday May 31, @04:51AM (2 children)
I see nowhere in the common definition of the word as used in common parlance an absolute need that the encoding needs to be reversible. therefore, hashed salted passwords are 'encrypted'.
If you want to play pedantic, you don't 'hash and salt', as you wrote, you 'salt and hash'.
If vaccination works, then why doesn't eucharist protect kids against Christianity?
(Score: 0) by Anonymous Coward on Friday May 31, @05:15AM
Maybe he was using RPN.
(Score: 0) by Anonymous Coward on Friday May 31, @05:18AM
Encrypted and hashed are completely different things. Hashes are one way, where as encrypted data can be decrypted. That being said, the actual press release from Flipboard says:
I'm guess whoever read "cryptographically protected passwords" &"salted hashing" and wrote "encrypted passwords" didn't know the difference between encrypting and hashing.