Social sharing site and news aggregator Flipboard has reset millions of user passwords after hackers gained access to its systems several times over a nine-month period.
The company confirmed in a notice Tuesday that the hacks took place between June 2, 2018 and March 23, 2019 and a second time on April 21-22, 2019, but the intrusions were only detected a day later, on April 23.
Hackers stole usernames, email addresses, passwords and account tokens for third-party services. According to the notice, “not all” Flipboard users’ account data were involved in the breaches but the company declined to say how many users were affected.
Flipboard has about 150 million monthly users.
“We’re still identifying the accounts involved and as a precaution, we reset all users’ passwords and replaced or deleted all digital tokens,” the notice read.
Although the passwords were unreadable, Flipboard said passwords prior to March 14, 2012 were scrambled using the older, weak hashing SHA-1 algorithm. Any passwords changed after are scrambled using a much stronger algorithm that makes it far more difficult to reveal in a usable format.
The hacks also exposed account tokens, which gives Flipboard access to data from accounts on other services, like Facebook, Google and Samsung.
“We have not found any evidence the unauthorized person accessed third-party account(s) connected to users’ Flipboard accounts,” said the statement. “As a precaution, we have replaced or deleted all digital tokens.”
Flipboard becomes the latest tech giant to be hit by hackers in recent months. Developer platform Stack Overflow earlier this month confirmed a breach involved some user data. Canva, one of the biggest sites on the internet, was also hacked. Last week, the Australia-based company admitted close to 140 million users had data stolen following the breach.
- After breach, Stack Overflow says some user data exposed
- An unsecured SMS spam operation doxxed its owners
- Samsung spilled SmartThings app source code and secret keys
- Security lapse exposed a Chinese smart city surveillance system
- A leaky database of SMS text messages exposed password resets and two-factor codes
- Chipotle customers are saying their accounts have been hacked