Flipboard, a famous social sharing site and news aggregator, has faced data breach several times over a nine-month period. The company has reset millions of user passwords after hackers potentially obtained copies of certain databases containing Flipboard user information.
Flipboard confirmed in a notice on Tuesday that the incident happened between June 2, 2018, and March 23, 2019, and a second time on April 21-22, 2019, and it was detected on April 23, 2019.
In the notice, the company said that hackers stole usernames, email addresses, passwords and account tokens for third-party services. The company revealed that 'not all Flipboard' users were affected, but they declined to say how many users were affected.
The notice read, "We're still identifying the accounts involved and as a precaution, we reset all users' passwords and replaced or deleted all digital tokens."
Flipboard further said that the passwords were unreadable and very difficult to use. "Passwords prior to March 14, 2012, were scrambled using the older, weak hashing SHA-1 algorithm. Any passwords changed after are scrambled using a much stronger algorithm that makes it far more difficult to reveal in a usable format," news aggregator added.
The hackers also accessed account tokens, which gives Flipboard access to data from accounts on other services, like Facebook, Google, Twitter, and Samsung. But the company refused any unauthorised third-party account(s) access which was connected to users' Flipboard accounts.
Users can continue to use their Flipboard accounts but we advise you to update their passwords with full instructions of how to do so. If you use the same credentials, username and password, to access other services, then you should change these passwords as well. And if you use a social media account to access Flipboard, then you may need to reconnect them to Flipboard as the company states that "your password is not stored in our database and we've rotated digital tokens."