Flipboard, a popular social sharing site and news aggregator, announced that an unauthorized third party gained access to its systems over a period of nine months.
In a notice, the company said the third party accessed its databases “more than once” between June 2, 2018, and March 23, 2019, and a second time April 21 – 22. However, the intrusions were not detected until a day later, on April 24.
The intruders stole user account information, including usernames, email addresses, passwords, and account tokens for third-party services like Facebook, Google, and Twitter. But according to the notice, “not all” Flipboard users’ account information was compromised during the breach. However, the company did not specifically state how many users were affected.
“We’re still identifying the accounts involved and as a precaution, we reset all users’ passwords and replaced or deleted all digital tokens,” the notice read.
The company also noted that the passwords were unreadable, but passwords before March 14, 2012, were scrambled using the older, weak hashing SHA-1 algorithm.
As of now, the investigation is still ongoing, but in the same statement, Flipboard said it has “not found any evidence the unauthorized person accessed third-party account(s) connected to users’ Flipboard accounts.” And as a precautionary measure Flipboard reset all 150 million monthly users’ passwords.