Timehop has confirmed a data breach took place recently which may have affected 21 million users. Timehop announced the breach over the weekend stating the attack took place on July 4, 2018. Although Timehop also states it was able to interrupt the attack while it was happening to limit the damage done. In spite of the interruption, Timehop has confirmed data was taken during the breach, including user “names, email addresses, and some phone numbers.”
Timehop is a service which lets users connect their social media accounts to their Timehop account with a view to reengaging with images and posts at a later date. It effectively builds on the ‘throwback’ approach to provide users with access to those older social media memories. However, and in spite of the data that has been accessed during this breach, Timehop states "no private/direct messages, financial data, or social media or photo content” were affected. Although users now looking to re-access the app may find they need to re-authenticate when logging in (as well as re-authorize connection to previously-connected social media profiles), as some keys (the method by which Timehop accesses user social media accounts) were taken. These keys have since been deactivated, and Timehop has reset all keys in general, to ensure they are not used to access social media posts.
As part of the announcement, Timehop explains the data breach occurred through its cloud computing environment which was compromised at an admin access level. Timehop states that although multifactor authentication was not in use at the time, it is now to ensure similar incidences do not take place in the future. Timehop also states it’s communicating with “local and federal enforcement officials,” has since undertook “an initial audit,” and hired an “experienced cyber security incident response firm” to deal with the aftermath of the attack. As an additional precaution, however, Timehop is urging those who use their phone number to access the service, to take on additional measures to avoid any further issues (including the porting of the phone number) arising by contacting their carrier. For Timehop users who may be concerned they have been affected by this latest breach, full details on what has happened, and what Timehop is now doing available through the link below.