Flipboard discloses breach that gave hackers access to user data

Magazine-style news service Flipboard has revealed that hackers gained access to user passwords several times over the last nine months.

Between June 2, 2018 and April 22 this year databases were hit by “unauthorized access,” Flipboard said in an email to customers. The hackers may have “potentially” stolen information such as names, email addresses, and passwords, although the passwords were reportedly salted and hashed rather than saved in plain text.

The hacks exposed a variety of information connected to Flipboard user accounts, with the intruder able to access usernames, passwords, email addresses, and tokens used for connecting to third-party social networks such as Twitter. The passwords were protected using “salted hashing,” so long as they had been updated since March of 2012. Passwords from March 2012 and earlier were hashed with a weaker SHA-1 function.

As for the third-party account tokens, Flipboard says that it has “not found any evidence the unauthorized person accessed third-party account(s) connected to users’ Flipboard accounts.”

The company didn’t say how many people may have been impacted. As a safeguard however it’s notifying police, deleting any third-party tokens, and resetting all passwords, which may suggest widescale impact.