News aggregator platform Flipboard has disclosed that its databases containing account information of certain users have been hacked.
The data that was potentially downloaded several times over a nine-month period ending on April 22 included user credentials, the Palo Alto, California-based company revealed in an email sent to all Flipboard users.
A security incident notice has also been published on the Flipboard website to reveal the details of the data breach. The total number of affected users is uncertain.
The company has reset the passwords of all of its roughly 150 million users, including the passwords that were cryptographically protected.
“The databases involved may have contained your name, Flipboard username, cryptographically protected password, and email address,” the company said in an email.
The security incident that took place specifically between April 21 and 22 was discovered on April 23, while Flipboard’s engineers were investigating the suspicious activity that occurred on March 23.
“Our engineering team became aware of the incident after identifying suspicious activity in the environment where the databases reside,” the company stated in the notice on its website.
The total number of users affected by the data breach is uncertain. However, Flipboard says that “not all Flipboard users’ account information was involved in the incident” and that, as a precaution, all users’ passwords have been reset.
Flipboard also highlights that the vast majority of the passwords potentially downloaded by the hackers during the security failure were hashed using bcrypt. For users who haven’t changed their password since March 14, 2012, the company protected the passwords using SHA-1 hashing.
Many of the affected users might have used digital tokens to log in to the app using their credentials from Facebook, Google, and Twitter, among other sites; Flipboard has rotated all the existing digital tokens. Nevertheless, the company is still allowing users to access their Flipboard account using third-party sources such as Facebook, Google, and Twitter.
“To help prevent something like this from happening in the future, we implemented enhanced security measures and continue to look for additional ways to strengthen the security of our systems,” the company said without revealing any specific details due to security reasons.
Flipboard mentioned that it informed law enforcement about the unauthorised access and involved an external security firm to investigate the flaw.