timehopThe company behind social media app Timehop has revealed its servers suffered a data breach in which the personal details of around 21 million users were stolen.

The company, whose service integrates with users' social media accounts to display photos and memories they may have forgotten about, said it became aware of the attack as it was happening in the early hours of July 4.

In a statement published on Saturday, the company said it was able to shut down its cloud servers two hours and twenty minutes into the attack, but not before a significant number of users' data was stolen.

Hackers made off with the names and emails of 21 million users and the phone numbers of 4.7 million users, but no private/direct messages, financial data, social media, photo content, or Timehop data including streaks were affected, according to the company.

However, the keys that enable the service to read and send social media content to users were compromised in the breach. Timehop has deactivated the keys as a security measure, but that means users will need to re-enable the app's permission to access their accounts if they want to continue using the service.

While we investigate, we want to stress two things: First: to date, there has been no evidence of, and no confirmed reports of, any unauthorized access of user data through the use of these access tokens.

Second, we want to be clear that these tokens do not give anyone (including Timehop) access to Facebook Messenger, or Direct Messages on Twitter or Instagram, or things that your friends post to your Facebook wall. In general, Timehop only has access to social media posts you post yourself to your profile. However, it is important that we tell you that there was a short time window during which it was theoretically possible for unauthorized users to access those posts - again, we have no evidence that this actually happened.

Notably, Timehop admitted that prior to the breach, the account login process on the compromised cloud server was not protected by multi-factor authentication.

Multi-factor authentication protocols are often used by companies handling large customer databases because they provide hardened security during login attempts by requesting that the user provides extra information only they would know.

The company said it had now reset all its passwords and added multi-factor authentication to all its cloud server accounts, and would continue to work with local and federal law enforcement officials to investigate the incident further.

Update 7/11: Timehop has disclosed that more user information was compromised in the same data breach, including date of birth and gender.

Top Rated Comments

mcdj Avatar
37 months ago
You know you’re old when 21 million people use something you’ve never even heard of.
Score: 12 Votes (Like | Disagree)
riverfreak Avatar
37 months ago
Amazeballs on so many levels. Storing user data unencrypted. They hadn’t been bothered to add MFA before but were able to do so in just a couple of days AFTER the breach. And the attackers got access to auth tokens.

Here’s some lessons kids. Don’t use the login with Facebook feature. Ever. The two seconds of convenience you’ll save just makes Facebooks data collection even more pervasive and pernicious.

Consider whether you really *need* any of these services. Consider whether you should really be connecting anything to social media accounts. Finally go to Facebook right now and try to understand the bizarro privacy settings. Download your data. Check out apps you’ve connected and delete ones you don’t use, recognize, or remember. And consider disabling the “Facebook Platform” option altogether.
Score: 8 Votes (Like | Disagree)
H3LL5P4WN Avatar
37 months ago
I shouldn't care, but I'm laughing myself into a hemorrhage over this.

I told my ex (and her BFF, and I think also his BF) numerous times to turn that garbage off, especially since Failbook and Google Photos have this exact feature built in (and since they're all millennials, FB and Snapchat are all they use).

I do feel bad that 21 million people had to suffer due to this particular posterior bite from Karma, however.
Score: 6 Votes (Like | Disagree)
MacDawg Avatar
37 months ago
Is there a forum / wiki with a master list of breaches like this one?
There was... but it was hacked and all the information was stolen

/jk
Score: 4 Votes (Like | Disagree)
augustrushrox Avatar
37 months ago
Is there a forum / wiki with a master list of breaches like this one?
https://haveibeenpwned.com/
Score: 2 Votes (Like | Disagree)
KPandian1 Avatar
37 months ago
It is not enough that so much personal data is given up by people on Facebook and other social media, they actually fall for a company that "puts it all together" with a selling slogan "Sharing Is Caring!"?

Love the fact that it is "local".
Score: 1 Votes (Like | Disagree)

Top Stories

tracking disabled ios 14 5

Analytics Suggest 96% of Users Leave App Tracking Disabled in iOS 14.5

Friday May 7, 2021 1:51 am PDT by
An early look at an ongoing analysis of Apple's App Tracking Transparency suggests that the vast majority of iPhone users are leaving app tracking disabled since the feature went live on April 26 with the release of iOS 14.5. According to the latest data from analytics firm Flurry, just 4% of iPhone users in the U.S. have actively chosen to opt into app tracking after updating their device...
macbook colors 3d black bezels

Prosser: Next MacBook Air Could Come in Colors Similar to iMac

Friday May 7, 2021 6:55 am PDT by
According to Apple leaker Jon Prosser, Apple's upcoming release of the MacBook Air will feature various colors, similar to the colors in the newly released 24-inch iMac. In the latest video of his YouTube channel Front Page Tech, Prosser says the same source who accurately provided him information on the first Apple silicon iMac coming in colors has told him that he recently saw a prototype...
snapchat dark mode

Snapchat Rolls Out Dark Mode on iOS

Wednesday May 5, 2021 1:17 am PDT by
Nearly two years following the release of iOS and iPadOS 13, which included native, built-in, and systemwide dark mode, Snapchat, one of the world's most prominent social media networks, has finally rolled out a dark mode theme for iOS users. Snapchat began testing a dark mode theme of its app design late last year with a small group of iOS users. Now, Snapchat says that as of this week, it...
tile amazon sidewalk integration

Tile to Leverage Amazon Echo and Ring Devices to Better Compete With AirTags

Friday May 7, 2021 2:07 pm PDT by
Amazon today announced that it is teaming up with Tile to add Amazon Sidewalk integration to Tile's Bluetooth trackers. Amazon Sidewalk, for those unfamiliar, is a network of Amazon Bluetooth devices that's designed to improve the connectivity of devices like the Ring and Amazon Echo. Tile will now be joining Amazon Sidewalk, and through this integration, Amazon Echo and Ring devices will be ...
tile sticker e1570533758981

Tile CEO: 'We Welcome Competition From Apple, But We Think It Needs to Be Fair'

Tuesday May 4, 2021 9:51 am PDT by
Just after Apple announced its AirTags, Tile CEO CJ Prober relayed his concerns about competing with Apple in the tracking space, and said that Tile would ask Congress to investigate Apple's business practices specific to Find My and item trackers. Prober this week did an interview with Bloomberg, where he further expanded on Tile's complaints about Apple and why he feels that Tile is...
airtag 1

AirTag Anti-Stalking Measures 'Just Aren't Sufficient' Says Washington Post Report

Wednesday May 5, 2021 6:03 pm PDT by
The safeguards that Apple built into AirTags to prevent them from being used to track someone "just aren't sufficient," The Washington Post's Geoffrey Fowler said today in a report investigating how AirTags can be used for covert stalking. Fowler planted an AirTag on himself and teamed up with a colleague to be pretend stalked, and he came to the conclusion that the AirTags are a "new means...
signal instagram ads3

Signal Shares the Instagram Ads Facebook Doesn't Want You to See

Wednesday May 5, 2021 1:29 am PDT by
Encrypted messaging app Signal has had a series of Instagram ads blocked from the social media platform, after it attempted to show users how much data the Facebook-owned company collects about them and how it's used to push targeted ads. In a blog post, Signal described how it generated the ads to show users why they were seeing them, simply by declaring upfront the information that the...
fortnite apple logo 2

Epic CEO Tim Sweeney Admits App Store's 30% Cut Is Similar to Consoles, Would Have Accepted Special Deal With Apple

Tuesday May 4, 2021 1:54 pm PDT by
Apple's legal battle with Epic Games is continuing on, and during the second day of the trial, Epic Games' CEO Tim Sweeney continued his testimony against Apple. Sweeney was grilled by Apple's lawyers, and made several points seemingly favorable to Apple. In addition to mentioning how he prefers Apple's iPhone and values Apple's privacy policies that he's aiming to dismantle, Sweeney...
iphone 12 preorder purple

Apple Begins Transition to Randomized Serial Numbers With Purple iPhone 12

Wednesday May 5, 2021 9:17 am PDT by
MacRumors previously reported about Apple's plan to switch to randomized serial numbers for future products starting in early 2021, and this transition has now started with the new purple iPhone 12 model in multiple countries. With assistance from Aaron Zollo, host of the YouTube channel ZolloTech, we can confirm that the purple iPhone 12 released last month has a new 10-character serial...
precision finding developer mode

AirTag Precision Finding Interface Includes Hidden 'Developer Mode'

Thursday May 6, 2021 1:32 am PDT by
A frustrated AirTag owner has inadvertently discovered the existence of a hidden "developer mode" in the on-screen interface that Find My displays when the Precision Finding feature is activated to help locate one of Apple's item trackers. Precision Finding is a feature that provides users with specific on-screen directions for finding a nearby AirTag. iPhones with a U1 chip, which includes ...