The Flipboard online article reading application has informed part of its users that for more than nine months a group of hackers had access to its internal systems, including the database where information about who uses the app is stored. These include usernames, encrypted passwords and, in some cases, the emails or connections to profiles of other sites (such as Facebook, Google and Twitter) used by users to access Flipboard faster. Most passwords were protected by an algorithm to encrypt them, called bcrypt, which was considered very difficult to crack: those at risk were those protected by a weaker algorithm, called SHA-1. Flipboard stopped using it on March 14, 2012, so passwords at risk are all those that have never been changed since before that date.
In its communications to users, Flipboard said it does not yet know how many accounts are compromised. As a precaution, it made all its users change their passwords and replaced connections to third party services; he said however that for now there have been no reports of unauthorized access to accounts connected to Flipboard accounts.
The cyber attack went on from 2 June 2018 to 23 March 2019; it was discovered due to a shorter attack, which took place between 21 and 22 April.
