According to a public note published yesterday by the company, unknown hackers managed to gain unauthorized access to its systems for nearly 10 months—between June 2, 2018, and March 23, 2019, and then again on April 21-22, 2019.
The information revealed in the hacks includes users’ names, Flipboard user names, encrypted passwords and email address, according to Flipboard. No Social Security numbers, credit card information or other financial data were revealed, as the app doesn’t collect that information.
According to a breach notification email sent out to affected users and seen by Hack Hex, the company has now reset passwords for all users as a precautionary measure, forcing users to create a new strong password for their accounts.
“As a precaution, we have reset all users’ passwords, even though the passwords were cryptographically protected and not all users’ account information was involved,” Flipboard said in an FAQ. Users will have to create a new password the next time they try to log in to their account.
Flipboard also said it had not seen unauthorized access to any third-party account and still in the process of determining the total number of affected users.
“At this time, we’re in the process of figuring out the total number,” Flipboard said. “While we have been able to rule out access to certain databases, we continue to investigate the systems the attacker had access to.”
Also, if you are making use of the same username and password combination as of Flipboard for any other online service, you are recommended to change your password there as well.