The company behind social media app Timehop has revealed its servers suffered a data breach in which the personal details of around 21 million users were stolen.
The company, whose service integrates with users' social media accounts to display photos and memories they may have forgotten about, said it became aware of the attack as it was happening in the early hours of July 4.
In a statement published on Saturday, the company said it was able to shut down its cloud servers two hours and twenty minutes into the attack, but not before a significant number of users' data was stolen.
Hackers made off with the names and emails of 21 million users and the phone numbers of 4.7 million users, but no private/direct messages, financial data, social media, photo content, or Timehop data including streaks were affected, according to the company.
However, the keys that enable the service to read and send social media content to users were compromised in the breach. Timehop has deactivated the keys as a security measure, but that means users will need to re-enable the app's permission to access their accounts if they want to continue using the service.
While we investigate, we want to stress two things: First: to date, there has been no evidence of, and no confirmed reports of, any unauthorized access of user data through the use of these access tokens.Notably, Timehop admitted that prior to the breach, the account login process on the compromised cloud server was not protected by multi-factor authentication.
Second, we want to be clear that these tokens do not give anyone (including Timehop) access to Facebook Messenger, or Direct Messages on Twitter or Instagram, or things that your friends post to your Facebook wall. In general, Timehop only has access to social media posts you post yourself to your profile. However, it is important that we tell you that there was a short time window during which it was theoretically possible for unauthorized users to access those posts - again, we have no evidence that this actually happened.
Multi-factor authentication protocols are often used by companies handling large customer databases because they provide hardened security during login attempts by requesting that the user provides extra information only they would know.
The company said it had now reset all its passwords and added multi-factor authentication to all its cloud server accounts, and would continue to work with local and federal law enforcement officials to investigate the incident further.
Update 7/11: Timehop has disclosed that more user information was compromised in the same data breach, including date of birth and gender.
Tag: security
19 comments
Amazon held a big hardware event today at The Seattle Spheres, located at Amazon's headquarters campus in Washington state. The event was notable for Amazon, with senior vice president of Amazon...
Apple today seeded the first beta of an upcoming iOS 12.1 update to its public beta testing group, two days after releasing the beta to developers and three days after the launch of iOS 12, a new...
iPhone XS, iPhone XS Max, and Apple Watch Series 4 orders are now shipping to customers around the world, with the first deliveries set to arrive at doorsteps tomorrow, Friday, September 21.
...
A few days after unboxing videos for the iPhone XS and iPhone XS Max were shared online, some of the same YouTubers have now provided a glimpse into the unboxing experience of the Apple Watch Series...
Apple says it is working with Health Canada to bring the Apple Watch Series 4's all-new ECG functionality to the Canadian market, according to MobileSyrup's Patrick O'Rourke. No timeframe...
Dutch repair site FixjeiPhone today shared a teardown of the iPhone XS, providing us with our first look inside the 5.8-inch model.
A side-by-side comparison shot with the iPhone X reveals that...
Reviews for the new Apple Watch Series 4 models went live this morning ahead of Friday's launch, and in a new press release, Apple has highlighted reviews from several members of the media who...
Apple's newest operating system, iOS 12, is installed on just over 10 percent of devices 48 hours after it launched according to data collected by analytics company Mixpanel. The data suggests...
