News aggregator Flipboard warned that an unauthorized person gained access to a subset of user account data and cryptographically protected passwords.
Flipboard reset all user account passwords out of an abundance of caution while the investigation continues. The number of total accounts impacted were not known by the company as of Tuesday.
Flipboard released a notice online Tuesday confirming the security incident:
“We recently identified unauthorized access to some of our databases containing certain Flipboard users’ account information, including account credentials. In response to this discovery, we immediately launched an investigation and an external security firm was engaged to assist. Findings from the investigation indicate an unauthorized person accessed and potentially obtained copies of certain databases containing Flipboard user information between June 2, 2018 and March 23, 2019 and April 21 – 22, 2019.”
The database exposed some of Flipboard’s user account information, to include name, username, cryptographically protected password and email address. For some users, digital tokens that link third-party accounts to the user’s Flipboard account may also have been impacted.
The company said that passwords were hashed (with salt) using cryptographic algorithm ‘bcrypt’ for users who have changed their passwords since March 14, 2012. For users who haven’t updated their passwords since then, passwords were protected with SHA-1.
Flipboard published frequently asked questions as part of security notice to help users better understand more details about the incident and security controls in place.