News aggregator app Flipboard says user information was revealed during two breaches. Rather than visiting your favourite news website and reading their glorious headlines, lovely stock images and cutting-edge captions the way the gods journalists intended, Flipboard allows you to create a personalised "news magazine" that you swipe your way through.
Flipboard says hackers gain unauthorized access to its databases containing user details. This data included the personal account information and digital tokens for some of their over 100 million users.
It also said it is in the process of notifying all affected users. Be sure to watch out for an email from the sender "email@example.com" with the subject line: "Flipboard Security Notice".
Flipboard said the unauthorized intrusions occurred between June 2, 2018, and March 23, 2019, and again between April 21 and 22, 2019. A security incident notice has also been published on the Flipboard website to reveal the details of the data breach.
Although the passwords were hashed and salted, making them unreadable and hard to crack, Flipboard cautioned that passwords set prior to March 14, 2012 were scrambled with the weaker SHA-1 algorithm.
Flipboard points out that the passwords hackers accessed were cryptographically protected using salted hashing.
Out of caution, all users ought to change their passwords - especially those who haven't done so since 2012.
Flipboard said these databases stored information such as Flipboard usernames, hashed and uniquely salted passwords, and in some cases, emails or digital tokens that linked Flipboard profiles to accounts on third-party services.
"We have not found any evidence the unauthorized person accessed third-party account (s) connected to users' Flipboard accounts".
As a precaution, we have reset all users' passwords, even though the passwords were cryptographically protected and not all users' account information was involved.
But despite some good news for users, the breach appears to be quite extensive, at least for the company's IT staff.
Flipboard states that the vast majority of the exposed user passwords were hashed with a strong cipher called bcrypt.
Furthermore, the company has already replaced all digital tokens that customers used to connect Flipboard with third-party services like Facebook, Twitter, Google, and Samsung. Law enforcement agencies have, it added, been told of the breach and an unidentified third-party security firm is analysing what happened.