Flipboard has discovered that its systems were compromised nine months ago, giving hackers unobstructed access to its network.
Two incidents were detected, the first breach occurring between June 2, 2018 and March 23, 2019, and the second one between April 21 and April 22, 2019. It is the second one which the company spotted, and notified law enforcement agencies.
The company started notifying users of the breach via email (opens in new tab), in which it said that information like Flipboard usernames, hashed passwords, emails and digital tokens, were compromised.
However, hackers will have very little benefit from the obtained passwords, given that they were hashed with bcrypt, a strong password-hashing algorithm.
"If users created or changed their password after March 14, 2012, it is hashed with a function called bcrypt. If users have not changed their password since then, it is uniquely salted and hashed with SHA-1," Flipboard said.
We don’t know how many accounts were compromised, although Flipboard said that not everyone was affected.
"We're still in the process of determining the total number," the company said. "We do know that not all accounts were compromised."
Everyone is getting their passwords reset now, impacted or not. Flipboard also said that all digital tokens that users needed to connect with third-party services have already been replaced.
Furthermore, the company has already replaced all digital tokens that customers used to connect Flipboard with third-party services like Facebook, Twitter, Google, and Samsung.
"We have not found any evidence the unauthorized person accessed third-party account(s) connected to your Flipboard accounts," the company said.
Image Credit: Balefire / Shutterstock