Flipboard, a news aggregator service and mobile news app, has started notifying users today of a security incident during which hackers had access to internal systems for more than nine months.
In a series of emails seen by ZDNet that the company sent out to impacted users, Flipboard said hackers gained access to databases the company was using to store customer information.
MOST PASSWORDS ARE SECURE
Flipboard said these databases stored information such as Flipboard usernames, hashed and uniquely salted passwords, and in some cases, emails or digital tokens that linked Flipboard profiles to accounts on third-party services.
The good news appears to be that the vast majority of passwords were hashed with a strong password-hashing algorithm named bcrypt, currently considered very hard to crack.
The company said that some passwords were hashed with the weaker SHA-1 algorithm, but they were not many.
“If users created or changed their password after March 14, 2012, it is hashed with a function called bcrypt. If users have not changed their password since then, it is uniquely salted and hashed with SHA-1,” Flipboard said.