In a series of email sent out to impacted users, news aggregator app Flipboard has today notified of a security incident during which a group of hackers accessed its user data for more than nine months. According to ZDNet, Flipboard said that hackers accessed the database it was using to store customer information.
While the full extent of the hack is unknown at this time, the company revealed that the database included information such as Flipboard usernames, hashed and uniquely salted passwords, and emails or digital tokens that linked Flipboard profiles to accounts on third-party services.
Fortunately, the vast majority of passwords were hashed with a strong password-hashing algorithm called “bcrypt”, which is considered to be very hard to crack.
In its email, Flipboard said it is resetting all customer passwords, regardless if users were impacted or not
“If users created or changed their password after March 14, 2012, it is hashed with a function called bcrypt. If users have not changed their password since then, it is uniquely salted and hashed with SHA-1,” Flipboard said.
“We’re still in the process of determining the total number,” the company said. “We do know that not all accounts were compromised.”
The company said it detected the breach the day after this second intrusion, on April 23, while investigating suspicious activity on its database network.
Law enforcement has already been notified of the security breach.