Flipboard’s internal system is hacked and recommends all users to reset passwords
News Aggregation Services and Mobile News Application Flipboard today issued security notices, and multiple systems within the company have been hacked for more than nine months. Flipboard indicates that hackers have access to the server that stores customer information. A username, a hash, an encrypted password, and a Flipboard profile bundled with a third-party service are stored on the server.
The good news, however, is that the passwords stored on the server are encrypted by a strong password hash algorithm called bcrypt, which is hard to crack. The company also said that some passwords were encrypted using the weaker SHA-1 algorithm, but not many. Flipboard says: “The vast majority of passwords were hashed with the utility called bcrypt. For Flipboard users that have not logged into their account since March 14, 2012, the passwords were protected with SHA-1 and uniquely salted.”
In their emails, Flipboard indicates that all users should reset their passwords regardless of whether they are affected or not. In addition, the company has canceled all digital tokens connected to Flipboard, including third-party services such as Facebook, Twitter, Google, and Samsung. Flipboard write: “We’re still in the process of determining the total number. We do know that not all accounts were compromised.”