Cybercriminals have breached Flipboard's database and accessed users's accounts, passwords and as well as tokens for third-party services. In response, Flipboard has reset all user passwords to further prevent unauthorised access.
"We recently identified unauthorized access to some of our databases containing certain Flipboard users' account information, including account credentials. In response to this discovery, we immediately launched an investigation and an external security firm was engaged to assist," Flipboard said.
The unknown hackers were able to access Flipboard "user's account information, including name, Flipboard username, cryptographically protected password and email address."
Flipboard says the passwords that the hackers accessed were cryptographically protected using salted hashing. But here's the kicker. Passwords that were created or changed after March 14, 2012 were protected with the strong and secure bcrypt, while those that were before March 14, 2012 and were not changed since then that period, were only protected by the weaker SHA-1 hashing algorithm.
Though the company didn't reveal how many users account that were affected in the hack, it said that the hackers had access to its systems for 9 months.
"Findings from the investigation indicate an unauthorized person accessed and potentially obtained copies of certain databases containing Flipboard user information between June 2, 201 and March 23, 2019 and April 21 - 22, 2019," the report said.
Flipboard says that it has replaced or deleted all digital tokens for users who connected their Flipboard accounts to third-party accounts as a precaution to prevent unauthorised access to third-party accounts.
"Additionally, if users connected their Flipboard account to a third-party account, including social media accounts, then the databases may have contained digital tokens used to connect their Flipbaord account to their third-party account. We have not found any evidence the unauthorized person accessed third-party account(s) connected to users; Flipboard accounts. As a precaution, we have replaced or deleted all digital tokens." the Flipboard notice read.
Flipboard insists that not all users' accounts were compromised in the breach, though they are still in the process of determing the total number.
involved in the incident.
To prevent the occurrences of such incident in the future, Flipboard says it has put in place enhanced security measures to strengthen their security systems.
"To help prevent something like this from happening in the future, we implemented enhanced security measures and continue to look for additional ways to strengthen the security of our systems," Flipboard said, adding that it won't share specific details for security reasons.
"We recently identified unauthorized access to some of our databases containing certain Flipboard users' account information, including account credentials. In response to this discovery, we immediately launched an investigation and an external security firm was engaged to assist," Flipboard said.
The unknown hackers were able to access Flipboard "user's account information, including name, Flipboard username, cryptographically protected password and email address."
Flipboard says the passwords that the hackers accessed were cryptographically protected using salted hashing. But here's the kicker. Passwords that were created or changed after March 14, 2012 were protected with the strong and secure bcrypt, while those that were before March 14, 2012 and were not changed since then that period, were only protected by the weaker SHA-1 hashing algorithm.
Though the company didn't reveal how many users account that were affected in the hack, it said that the hackers had access to its systems for 9 months.
"Findings from the investigation indicate an unauthorized person accessed and potentially obtained copies of certain databases containing Flipboard user information between June 2, 201 and March 23, 2019 and April 21 - 22, 2019," the report said.
Flipboard says that it has replaced or deleted all digital tokens for users who connected their Flipboard accounts to third-party accounts as a precaution to prevent unauthorised access to third-party accounts.
"Additionally, if users connected their Flipboard account to a third-party account, including social media accounts, then the databases may have contained digital tokens used to connect their Flipbaord account to their third-party account. We have not found any evidence the unauthorized person accessed third-party account(s) connected to users; Flipboard accounts. As a precaution, we have replaced or deleted all digital tokens." the Flipboard notice read.
Flipboard insists that not all users' accounts were compromised in the breach, though they are still in the process of determing the total number.
involved in the incident.
To prevent the occurrences of such incident in the future, Flipboard says it has put in place enhanced security measures to strengthen their security systems.
"To help prevent something like this from happening in the future, we implemented enhanced security measures and continue to look for additional ways to strengthen the security of our systems," Flipboard said, adding that it won't share specific details for security reasons.