InvestorsHub Logo
Followers 5
Posts 2784
Boards Moderated 0
Alias Born 09/06/2006

Re: None

Saturday, 06/01/2019 8:14:02 PM

Saturday, June 01, 2019 8:14:02 PM

Post# of 249148
Flipboard Confirms It Was Hacked Twice: 150M Users At Risk As Passwords Stolen

https://www.forbes.com/sites/daveywinder/2019/05/29/flipboard-confirms-it-was-hacked-twice-150m-users-at-risk-as-passwords-stolen/#1bee1bf06926

Flipboard, the hugely popular news aggregation app that is used by 150 million people each month, has been hacked. Twice. According to a security notice posted by Flipboard, what it calls "unauthorized access" to databases took place between June 2, 2018 and March 23, 2019 as well as April 21, 2019 and April 22, 2019. The hacker is confirmed as having "potentially obtained copies of certain databases containing Flipboard user information."

What data has been breached?

According to Flipboard the databases that have been compromised hold account credentials including actual names, usernames, cryptographically protected passwords and email addresses. Although it is not known at this stage exactly how many users have been impacted by the breach, the Flipboard app has 150 million monthly users and the Flipboard will only say that "not all users were involved. The important two words in that list of breached data are cryptographically protected. This refers to the passwords being protected by salted hashes, or in plain speak a method of encrypting plain text passwords using unique seeds that make cracking them a much harder proposition for any attacker. Not impossible, mind, but time and resource consuming to a not insignificant extent. There is a caveat here though, Flipboard admits that passwords created (or changed) before March 14, 2012 used a much weaker hashing algorithm. Then there's digital tokens, used to connect Flipboard accounts to social media and other third-party accounts, which Flipboard say "may have" been stored in those breached databases.

How has Flipboard reacted?

As soon as Flipboard discovered the unauthorized access, on April 23, it launched an investigation with the help of an external security company. While it may seem like an overly long delay before informing users of the breach, Flipboard has been thorough in carrying out this forensic investigation to confirm the incident before doing so and security experts agree the disclosure is full and frank. Ethical hacker John Opdenakker told me that, "while a lot of companies fail at data breach disclosure, Flipboard did a good job; their communication is very transparent and detailed." All Flipboard account holders should by now have received an email with details of the breach. Law enforcement has also been notified. Although passwords were salted and hashed as already stated, Flipboard has taken the precaution of resetting all user passwords. It has also replaced or deleted all digital

Please see the rest of the article at the link.
==================================================================
To prevent having to put users and companies through password resets, Wave ERAS and Wave VSC 2.0 could keep the unauthorized or bad guys off the network, and from retaining the sensitive information in the first place!! Breaches like this shouldn't be happening, and Wave's solutions could be stopping them from happening!! I've posted a link below that can simply explain how Wave's solutions can do that. Given the frequency of data breaches, solutions such as the ones below should be very sought after unless companies choose to fight the bad guys on their networks to try to catch them or use salting, hashing of passwords and passwords resets as a means of defense!
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Excepts:

Here’s how it works:

Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication

Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.

Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.

With this control, IT can set policies and dictate [b]which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.


==================================================================
https://www.wavesys.com/products/wave-virtual-smart-card

=================================================================
https://www.wavesys.com/

https://www.wavesys.com/contact-information












Join the InvestorsHub Community

Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.