News aggregator service and mobile news app Flipboard has begun notifying users of a data breach in which hackers had access to its internal systems for over nine months.
The company informed users of the breach in a series of emails in which it explained that hackers had gained access to the databases it uses to store customer information.
According to Flipboard, these databases contained information such as usernames, hashed passwords and in some cases, emails or digital tokens that linked user’s profiles to third-party services.
Thankfully though, the vast majority of passwords were protected by a strong password-hashing algorithm called bcrypt which is known for being difficult to crack. However, if a user failed to change their password since 2012, then it is was hashed using the weaker SHA-1 algorithm.
While Flipboard did not disclose just how many of its user accounts hackers had access to, the company did say that not all accounts were affected by the breach.
As an extra measure of security, the company is now in the process of resetting all customer passwords even if they were not accessed by hackers. Flipboard has also already replaced the digital tokens used by customers to connect its service to other third-party services such as Google, Twitter, Facebook and Samsung.
Overall though, the breach appears to be quite extensive and according to the company, hackers had access to its internal systems for almost nine months. They first gained access from June 2, 2018 until March 23, 2019 and then once again infiltrated the company’s systems again between April 21 and April 22, 2019.
It was during the second time that hackers gained access that Flipboard detected the breach while investigating suspicious activity on its database network.
It is recommended that all Flipboard users change their passwords now and the company has notified law enforcement regarding the breach.