Timehop Service Suffers Data Breach Affecting 21 Million Users [Updated]

by

timehopThe company behind social media app Timehop has revealed its servers suffered a data breach in which the personal details of around 21 million users were stolen.

The company, whose service integrates with users' social media accounts to display photos and memories they may have forgotten about, said it became aware of the attack as it was happening in the early hours of July 4.

In a statement published on Saturday, the company said it was able to shut down its cloud servers two hours and twenty minutes into the attack, but not before a significant number of users' data was stolen.

Hackers made off with the names and emails of 21 million users and the phone numbers of 4.7 million users, but no private/direct messages, financial data, social media, photo content, or Timehop data including streaks were affected, according to the company.

However, the keys that enable the service to read and send social media content to users were compromised in the breach. Timehop has deactivated the keys as a security measure, but that means users will need to re-enable the app's permission to access their accounts if they want to continue using the service.

While we investigate, we want to stress two things: First: to date, there has been no evidence of, and no confirmed reports of, any unauthorized access of user data through the use of these access tokens.

Second, we want to be clear that these tokens do not give anyone (including Timehop) access to Facebook Messenger, or Direct Messages on Twitter or Instagram, or things that your friends post to your Facebook wall. In general, Timehop only has access to social media posts you post yourself to your profile. However, it is important that we tell you that there was a short time window during which it was theoretically possible for unauthorized users to access those posts - again, we have no evidence that this actually happened.

Notably, Timehop admitted that prior to the breach, the account login process on the compromised cloud server was not protected by multi-factor authentication.

Multi-factor authentication protocols are often used by companies handling large customer databases because they provide hardened security during login attempts by requesting that the user provides extra information only they would know.

The company said it had now reset all its passwords and added multi-factor authentication to all its cloud server accounts, and would continue to work with local and federal law enforcement officials to investigate the incident further.

Update 7/11: Timehop has disclosed that more user information was compromised in the same data breach, including date of birth and gender.

Top Rated Comments

mcdj Avatar
32 months ago
You know you’re old when 21 million people use something you’ve never even heard of.
Score: 12 Votes (Like | Disagree)
riverfreak Avatar
32 months ago
Amazeballs on so many levels. Storing user data unencrypted. They hadn’t been bothered to add MFA before but were able to do so in just a couple of days AFTER the breach. And the attackers got access to auth tokens.

Here’s some lessons kids. Don’t use the login with Facebook feature. Ever. The two seconds of convenience you’ll save just makes Facebooks data collection even more pervasive and pernicious.

Consider whether you really *need* any of these services. Consider whether you should really be connecting anything to social media accounts. Finally go to Facebook right now and try to understand the bizarro privacy settings. Download your data. Check out apps you’ve connected and delete ones you don’t use, recognize, or remember. And consider disabling the “Facebook Platform” option altogether.
Score: 8 Votes (Like | Disagree)
H3LL5P4WN Avatar
32 months ago
I shouldn't care, but I'm laughing myself into a hemorrhage over this.

I told my ex (and her BFF, and I think also his BF) numerous times to turn that garbage off, especially since Failbook and Google Photos have this exact feature built in (and since they're all millennials, FB and Snapchat are all they use).

I do feel bad that 21 million people had to suffer due to this particular posterior bite from Karma, however.
Score: 6 Votes (Like | Disagree)
MacDawg Avatar
32 months ago

Is there a forum / wiki with a master list of breaches like this one?

There was... but it was hacked and all the information was stolen

/jk
Score: 4 Votes (Like | Disagree)
augustrushrox Avatar
32 months ago

Is there a forum / wiki with a master list of breaches like this one?

https://haveibeenpwned.com/
Score: 2 Votes (Like | Disagree)
KPandian1 Avatar
32 months ago
It is not enough that so much personal data is given up by people on Facebook and other social media, they actually fall for a company that "puts it all together" with a selling slogan "Sharing Is Caring!"?

Love the fact that it is "local".
Score: 1 Votes (Like | Disagree)

Top Stories

apple top apps games 2020

Apple Shares Top 20 Most Downloaded Games and Apps of 2020

Tuesday December 1, 2020 9:38 pm PST by
Alongside picks for the top iPhone, iPad, and Mac apps and games of the year, Apple today shared charts featuring the Top Games of 2020 and the Top Apps of 2020, revealing the most popular free and paid apps and games during the year. Among Us! was the top free game of 2020, followed by Call of Duty: Mobile, Roblox, and Subway Surfers. Ink Inc. Tattoo Drawing was the number four free app,...
m1 chip macbook air pro

Developer Delves Into Reasons Why Apple's M1 Chip is So Fast

Monday November 30, 2020 1:57 pm PST by
Apple's M1 chip is the fastest chip that Apple has ever released in a Mac based on single-core CPU benchmark scores, and it beats out many high-end Intel Macs when it comes to multi-core performance. Developer Erik Engheim recently shared a deep dive into the M1 chip, exploring the reasons why Apple's new processor is so much faster than the Intel chips that it replaces. First and foremost,...
iphone8guide b

iOS 14.2 Quietly Added FaceTime 1080p Support to iPhone 8 and Later Models

Wednesday December 2, 2020 3:21 am PST by
Back in early November, Apple released iOS 14.2 and announced with it a slew of new features for iPhones, but one thing it didn't mention was the apparent addition of support for 1080p FaceTime calls on iPhone 8 and later devices. The little-known fact was discovered by MacMagazine, which found that Apple quietly updated the specs pages for devices like iPhone XR shortly after the release of ...
apple briefcase

AppleCare Memo Hints at Potential Hardware Announcement Next Tuesday

Thursday December 3, 2020 9:12 am PST by
Following a busy fall season in which Apple hosted three events in as many months, the company may have one more product announcement in store this year. In an internal memo this week, obtained by MacRumors from a reliable source, Apple informed service providers that it has AppleCare-related changes planned for Tuesday, December 8 at approximately 5:30 a.m. Pacific Time. Specifically, Apple ...
best apps of 2020

Wakeout! Named Apple's Best App of 2020, While Zoom Earns the Title for Best iPad App

Tuesday December 1, 2020 9:26 pm PST by
Apple today shared its App Store Best of 2020 winners, highlighting its picks for the top iOS, iPadOS, and macOS apps and games released over the course of the year. Apple's iPhone App of the Year award went to Wakeout!, which is a family friendly exercise and movement app that encourages people to complete easy exercises while at home. Apple's iPad App of the Year was Zoom, which soared in...
16 inch MBP Mini Led

Kuo: Two Redesigned MacBook Pros in 2021 and New MacBook Air in 2022, All With Apple Silicon and Mini-LED Displays

Wednesday December 2, 2020 5:46 am PST by
Apple plans to release two redesigned MacBook Pros in 2021 and a new MacBook Air in 2022, all with mini-LED displays and Apple Silicon chips, according to TFI Securities analyst Ming-Chi Kuo. In a research note to investors, seen by MacRumors, Kuo explained that two new MacBook Pro models equipped with an all-new form factor design are expected to launch in 2021, and a new "affordable"...
iOS 14

Apple Releases Third Betas of iOS 14.3 and iPadOS 14.3 to Developers [Update: Public Beta Available]

Wednesday December 2, 2020 10:04 am PST by
Apple today seeded the third betas of upcoming iOS 14.3 and iPadOS 14.3 updates to developers for testing purposes, two weeks after releasing the second betas and a month after the launch of iOS and iPadOS 14.2. iOS and iPadOS 14.3 can be downloaded through the Apple Developer Center or over the air after the proper developer profile has been installed. The iOS 14.3 update brings the...
homepod mini amazon echo size

$99 Speaker Showdown: HomePod Mini vs. Amazon Echo and Google Nest Audio

Wednesday December 2, 2020 3:12 pm PST by
Apple recently released the HomePod mini, a new $99 version of the original HomePod that's smaller, cuter, and, most importantly, competitively priced. At $99, the HomePod mini can better compete with affordable smart speakers from companies like Google and Amazon. Subscribe to the MacRumors YouTube channel for more videos. The HomePod mini has been praised for its high-quality sound at its...
Mac Mini 2018

Apple Developers Now Able to Natively Run macOS Within AWS With Amazon EC2 Mac Instances

Monday November 30, 2020 9:01 pm PST by
As AWS re:Invent kicks off, Amazon Web Services today announced new Mac instances for Amazon Elastic Compute Cloud, allowing AWS customers to run on-demand macOS workloads in the AWS cloud for the first time. Amazon says that the new feature extends the flexibility, scalability, and cost benefits of AWS to all Apple developers as those creating apps for iPhone, iPad, Mac, Apple Watch, Apple...
magsafe duo charger

MagSafe Duo Charger for iPhone 12 and Apple Watch Now Available for Purchase

Tuesday December 1, 2020 4:15 pm PST by
Apple today began selling the MagSafe Duo Charger that was announced alongside the new iPhone 12 models back in October. Priced at $129, the MagSafe Duo offers a MagSafe charging puck for the iPhone 12, 12 Pro, 12 Pro Max, and 12 mini, along with an Apple Watch charger. Though the accessory was announced in October and was listed as coming soon, it was not clear when it would launch. Orders...