Read Between the Lines: What Your Business Could Learn from Flipboard’s Recent Data-Breach

According to Flipboard, hackers were able to tap directly into the databases where the app company housed customer information. The information stolen included customer names, user names, hashed passwords, emails, and digital tokens or API tokens for your favorite social media apps. Although Flipboard does not know how many accounts hackers infiltrated, nor have they fully assessed the damage, one thing is for sure: It’s time for many companies to begin reading between the lines. While the data that was stolen is serious, it’s the amount of time hackers were able to go undetected that is cause for concern. Companies need to focus on Endpoint Protection.

Flipboard told its affected users that hackers were able to tap directly into the databases where the app company housed customer information. The information that was stolen was customer names, user names, hashed passwords, emails, and digital tokens or API tokens for your favorite social media apps. Although Flipboard does not know how many accounts hackers infiltrated, nor have they fully assessed the damage, one thing is for sure: It’s time for many companies to begin reading between the lines. The data that was stolen is serious, but the amount of time hackers were able to go undetected leads us to address a much larger problem, one surrounding Endpoint Protection.

To Reset Your Password, or Not?

ALWAYS change your password! For many, the first step will be to reset their passwords. Others may rely on Flipboard. While Flipboard advised its users that all users’ passwords will be reset as a precaution, they fail to acknowledge that this change will not protect everyone. Something the company fails to tell those affected is that anyone who remains logged in, from a smartphone or laptop, will NOT receive a password reset notification unless they log out and use Flipboard from another device. For best results, we recommend ignoring the uncertainty and changing your password immediately, even if you have NOT logged in since March of 2012. This date is important, as it was when the user base reached 20 million subscribers, me included. Imagine if that password was used elsewhere: PayPal, Wells Fargo, or Stanford HealthCare?

Third-Party Logins

Back in 2015, many application companies utilized what is known to many as a form of Single Sign-On, or SSO. Ironically, this was packaged differently, and lazy users who wished to skip a few steps were forced to use a Google, Facebook, Twitter, or LinkedIn login. This is a major concern for many businesses and their employees.

Flipboard noted the breach “may have contained digital tokens.” It’s these tokens or APIs that application development uses to communicate information. Their internal team has replaced or deleted all digital API tokens to eliminate current and future misuse. Before they were changed, hackers COULD use these tokens to read, post and message other accounts with access to usernames, profiles, and faked connections.

Yes, almost every data breach results in the company promising to tighten up security without explaining what this means. Reading between the lines, what’s most concerning is that this went on for 10 months, according to Flipboard. It’s no longer a matter of you’re ‘too small,’ or ‘they don’t want my data.’

Read Between the Lines

Time to discovery, or ‘dwell time’ as it has been popularized, refers to the length of time the hackers were able to wander inside a network before being detected. In plain terms, these thieves were digitally casing the database for some time. In other hacks we’ve seen worldwide, cybercriminals are inside networks for weeks or months at a time before being discovered. While it appears Flipboard’s hackers took up residence for a long time, it was actually in line with many of the businesses we’ve seen hit today. Even in the quickest-to-notice industry, it still takes a business (on average) 5 months or more to notice a breach.

  1. Entertainment – 287 Days
  2. Healthcare – 255 Days
  3. Educational Institutes – 217 Days
  4. Manufacturing – 168 Days
  5. Financial Services – 163 Days

The average time to detect a breach among 17 popular industries studied was 197 days. However, once a breach is identified, the time it takes to contain or remediate it is much shorter. With the use of connected tools like Endpoint Protection and a robust backup solution, your business can use multiple layers to protect unknowing employees. We say this because hackers in healthcare spend more days living in the network than it takes security pros to find and expel them. This is up from 2011 when dwell times were reported at 416 days.

Many businesses feel they are covered when it comes to security; however, the criminals don’t stop. It’s this mindset that acts as a contributing factor to many companies failing to be more secure.

Clare Computer Solutions has the talent, expertise and Security Offerings needed to meet your business needs and deliver you peace of mind. Using a Security Posture Evaluation, your business can identify and prioritize risks and data vulnerabilities. If your business has been compromised, or you wish to shore up security prior to finding yourself in the sights of hackers – WE CAN HELP.