News aggregator app Flipboard said Tuesday it fell victim to hacks that exposed and possibly allowed users’ account information to be copied for about nine months.
The information revealed in the hacks includes users’ names, Flipboard user names, encrypted passwords and email address, Flaipboard said in a blog post. No Social Security numbers, credit card information or other financial data was revealed, as the app doesn’t collect that information.
“As a precaution, we have reset all users’ passwords, even though the passwords were cryptographically protected and not all users’ account information was involved,” Flipboard said in an FAQ. Users will have to create a new password the next time they try to log in to their account.
Additionally, all digital tokens used to connect to third-party accounts have been replaced or deleted to prevent misuse, the company said.
“We are committed to the security and care for our users and partners and protecting their account information is a top priority for us,” Flipboard said in a statement. “We have taken enhanced measures to secure our systems and implemented additional safeguards to prevent this from happening again.”
Flipboard said the unauthorized intrusions occurred between June 2, 2018, and March 23, 2019, and another between April 21 and 22, 2019. The company said it had notified law enforcement and hired an outside security firm to investigate the hack.
Not all users’ accounts were affected, Flipboard said, but it wasn’t immediately clear how many were.
“At this time, we’re in the process of figuring out the total number,” Flipboard said. “While we have been able to rule out access to certain databases, we continue to investigate the systems the attacker had access to.”
The company said in April 2018 it had 145 million monthly users.