Earlier today, popular news aggregator Flipboard announced that an unauthorized third party accessed some databases that contained users’ account information.
According to Flipboard, the third party accessed the databases “more than once” between June 2, 2018, and March 23, 2019, as well as between April 21, 2019, and April 22, 2019. Compromised user account information includes usernames, email addresses, and passwords.
The databases also contained digital tokens that are used to connect Flipboard accounts with third-party websites and social media platforms like Facebook, Google, and Twitter. Flipboard didn’t find evidence that the tokens were used to get into users’ accounts, though it deleted and replaced them just in case.
The security breaches didn’t affect every Flipboard user. Also, the breaches didn’t involve social security numbers, bank account information, credit card numbers, or any other government-issued IDs and financial information. The investigation is still ongoing, though Flipboard has already notified law enforcement of the incidents.
Flipboard also noted that compromised passwords were salted and hashed. However, older passwords that weren’t updated since March 2012 aren’t protected by stronger encryption technology. Flipboard’s investigation is still ongoing, so we should have more information soon.
As a precautionary measure, Flipboard reset all of its 145 million users’ passwords. That means you’ll have to come up with a new one the next time you sign in. Alternatively, you’ll have to re-verify your third-party account if you previously used on to sign in.