News aggregation app Flipboard has publicly confessed that hackers accessed personal data about its members.
Although the biz did not say how many customers had been affected, the app has been installed more than half a billion times, according to its Google Play Store listing.
The databases that got away, according to a Flipboard statement, included account credentials, names, hashed and salted passwords, and email addresses. Some of these passwords were SHA-1 hashed, while those created after March 2012 were hashed and salted with the more modern and tougher-to-crack bcrypt algorithm.
The app's makers do not collect financial data or government ID card information.
Flipboard is a news aggregator. Rather than visiting your favourite news website and reading their glorious headlines, beautiful stock images and cutting-edge captions the way the gods journalists intended, Flipboard allows you to create a personalised "news magazine" that you swipe your way through.
It's not just Flipboard accounts that may be vulnerable, the company warned. "If users connected their Flipboard account to a third-party account, including social media accounts, then the databases may have contained digital tokens used to connect their Flipboard account to that third-party account."
All such tokens have been deleted or replaced.
All passwords have been reset, though Flipboard insisted that not all of its users had been compromised and that it was still "identifying the accounts involved". Law enforcement agencies have, it added, been told of the breach and an unidentified third-party security firm is analysing what happened.
The fallout from this hack is likely to persist. With such a large userbase, the number of affected accounts seems likely to fall into the six-figure bracket – or, if luck is not on their side, a heck of a lot more. ®
Sponsored: How to deliver real-world Cyber Resilience