The company behind social media app Timehop has revealed its servers suffered a data breach in which the personal details of around 21 million users were stolen.
The company, whose service integrates with users' social media accounts to display photos and memories they may have forgotten about, said it became aware of the attack as it was happening in the early hours of July 4.
In a statement published on Saturday, the company said it was able to shut down its cloud servers two hours and twenty minutes into the attack, but not before a significant number of users' data was stolen.
Hackers made off with the names and emails of 21 million users and the phone numbers of 4.7 million users, but no private/direct messages, financial data, social media, photo content, or Timehop data including streaks were affected, according to the company.
However, the keys that enable the service to read and send social media content to users were compromised in the breach. Timehop has deactivated the keys as a security measure, but that means users will need to re-enable the app's permission to access their accounts if they want to continue using the service.
While we investigate, we want to stress two things: First: to date, there has been no evidence of, and no confirmed reports of, any unauthorized access of user data through the use of these access tokens.Notably, Timehop admitted that prior to the breach, the account login process on the compromised cloud server was not protected by multi-factor authentication.
Second, we want to be clear that these tokens do not give anyone (including Timehop) access to Facebook Messenger, or Direct Messages on Twitter or Instagram, or things that your friends post to your Facebook wall. In general, Timehop only has access to social media posts you post yourself to your profile. However, it is important that we tell you that there was a short time window during which it was theoretically possible for unauthorized users to access those posts - again, we have no evidence that this actually happened.
Multi-factor authentication protocols are often used by companies handling large customer databases because they provide hardened security during login attempts by requesting that the user provides extra information only they would know.
The company said it had now reset all its passwords and added multi-factor authentication to all its cloud server accounts, and would continue to work with local and federal law enforcement officials to investigate the incident further.
Update 7/11: Timehop has disclosed that more user information was compromised in the same data breach, including date of birth and gender.
Tag: security
19 comments
The FTC today won its antitrust lawsuit against Qualcomm over the chipmaker's anticompetitive business practices.
As first reported by legal expert Florian Mueller on his blog FOSS...
Safari on iOS has a surprising number of hidden tricks, letting you manipulate tabs, conduct page-specific searches, and more, and not all of these features are immediately obvious due to the...
Cannes Lions today announced that Apple has been named the Creative Marketer of the Year, marking the first time the Cupertino company has won the award.
Apple was named the Creative Marketer of...
The Apple online store and Apple retail stores in the United States are now offering a new 4K 23.7-inch LG UltraFine Display, which replaces the previously available 4K and 5K displays from LG.
...
Apple today announced the surprise launch of new 13 and 15-inch MacBook Pro models, which are the fastest Mac notebooks ever at the top of the line. The updated machines feature Intel's 8th and...
Alongside the launch of new MacBook Pro models, Apple today introduced a new Backlight Service Program for the 13-inch MacBook Pro.
According to Apple, a "very small percentage" of 2016...
Apple today extended its Keyboard Service Program to all MacBook, MacBook Air, and MacBook Pro models equipped with any generation of its butterfly mechanism keyboard, not long after apologizing over...
It has long been rumored that Apple plans to compete in the electric vehicle market in some capacity, ranging from supplying other automakers with underlying technologies to developing its own...
