Unauthorized third-parties have hacked the databases of the news aggregation site Flipboard and have potentially downloaded the data contained within them.
When did it happen?
The unauthorized user accessed the databases between June 2, 2018, and March 23, 2019, and between April 21, 2019, and April 22, 2019.
What information was compromised?
The databases contained Flipboard users’ account information including user names, hashed and salted passwords, email addresses, and digital tokens used to login to Flipboard using site credentials from Google, Facebook, and Twitter.
The exposed user passwords were all hashed with a strong cipher called bcrypt, however, it is not impossible to crack the passwords. Users who have not logged into their accounts since March 14th, 2012, would have had their passwords hashed using SHA-1, which would be easier to crack.
What was the immediate action taken?
“As another precautionary step, we disconnected tokens used to connect to all third-party accounts, and in collaboration with our partners, we replaced all digital tokens or deleted them where applicable,” Flipboard said in a security notice.