It's still way too easy to steal payments data
Flipboard, a social sharing site and news aggregator, has reset millions of user passwords after hackers gained access to its systems several times over a nine-month period. The company confirmed in a notice Tuesday that the hacks took place between June 2, 2018, and March 23, 2019, and a second time on April 21-22, 2019, but the intrusions were only detected a day later, on April 23. Hackers stole usernames, email addresses, passwords and account tokens for third-party services.
Data theft and cyberattacks represent the No. 4 and No. 5 global risks facing organizations across every vertical, according to the World Economic Forum’s 2019 Global Risks Report.
That being said, companies must be more prepared to defend user data from malicious outsiders, or suffer the consequences of lawsuits, sanctions from data privacy laws, decreased user trust, tarnished brand reputation, damaged investor relations and more.
In fact, First American Title Co. has already had a nationwide class action lawsuit filed against it after it failed to secure 885 million records of customer data last week.
Unfortunately, the fact that Flipboard was breached for at least nine months is not that uncommon, as companies can go for years before learning about unauthorized access. Users who received a notice about the breach from Flipboard should immediately change their login credentials across all accounts that use the same email, username and/or passwords to prevent the success of potential credential stuffing attacks.
Organizations like Flipboard that rely heavily on improving user experience are tasked with striking the right balance between security and customer choice to deliver the most secure and meaningful experience across all digital touch-points. Solutions leveraging intelligent contextual authentication can assist these organizations by allowing them to utilize device, contextual and behavioral analytics, user choice and risk-based factors as authentication while maintaining compliance. This allows for increased user adoption rates and improves the customer experience all while redirecting suspicious users for further monitoring.