timehopThe company behind social media app Timehop has revealed its servers suffered a data breach in which the personal details of around 21 million users were stolen.

The company, whose service integrates with users' social media accounts to display photos and memories they may have forgotten about, said it became aware of the attack as it was happening in the early hours of July 4.

In a statement published on Saturday, the company said it was able to shut down its cloud servers two hours and twenty minutes into the attack, but not before a significant number of users' data was stolen.

Hackers made off with the names and emails of 21 million users and the phone numbers of 4.7 million users, but no private/direct messages, financial data, social media, photo content, or Timehop data including streaks were affected, according to the company.

However, the keys that enable the service to read and send social media content to users were compromised in the breach. Timehop has deactivated the keys as a security measure, but that means users will need to re-enable the app's permission to access their accounts if they want to continue using the service.

While we investigate, we want to stress two things: First: to date, there has been no evidence of, and no confirmed reports of, any unauthorized access of user data through the use of these access tokens.

Second, we want to be clear that these tokens do not give anyone (including Timehop) access to Facebook Messenger, or Direct Messages on Twitter or Instagram, or things that your friends post to your Facebook wall. In general, Timehop only has access to social media posts you post yourself to your profile. However, it is important that we tell you that there was a short time window during which it was theoretically possible for unauthorized users to access those posts - again, we have no evidence that this actually happened.

Notably, Timehop admitted that prior to the breach, the account login process on the compromised cloud server was not protected by multi-factor authentication.

Multi-factor authentication protocols are often used by companies handling large customer databases because they provide hardened security during login attempts by requesting that the user provides extra information only they would know.

The company said it had now reset all its passwords and added multi-factor authentication to all its cloud server accounts, and would continue to work with local and federal law enforcement officials to investigate the incident further.

Update 7/11: Timehop has disclosed that more user information was compromised in the same data breach, including date of birth and gender.

Top Rated Comments

mcdj Avatar
81 months ago
You know you’re old when 21 million people use something you’ve never even heard of.
Score: 12 Votes (Like | Disagree)
riverfreak Avatar
81 months ago
Amazeballs on so many levels. Storing user data unencrypted. They hadn’t been bothered to add MFA before but were able to do so in just a couple of days AFTER the breach. And the attackers got access to auth tokens.

Here’s some lessons kids. Don’t use the login with Facebook feature. Ever. The two seconds of convenience you’ll save just makes Facebooks data collection even more pervasive and pernicious.

Consider whether you really *need* any of these services. Consider whether you should really be connecting anything to social media accounts. Finally go to Facebook right now and try to understand the bizarro privacy settings. Download your data. Check out apps you’ve connected and delete ones you don’t use, recognize, or remember. And consider disabling the “Facebook Platform” option altogether.
Score: 8 Votes (Like | Disagree)
H3LL5P4WN Avatar
81 months ago
I shouldn't care, but I'm laughing myself into a hemorrhage over this.

I told my ex (and her BFF, and I think also his BF) numerous times to turn that garbage off, especially since Failbook and Google Photos have this exact feature built in (and since they're all millennials, FB and Snapchat are all they use).

I do feel bad that 21 million people had to suffer due to this particular posterior bite from Karma, however.
Score: 6 Votes (Like | Disagree)
MacDawg Avatar
81 months ago
Is there a forum / wiki with a master list of breaches like this one?
There was... but it was hacked and all the information was stolen

/jk
Score: 4 Votes (Like | Disagree)
augustrushrox Avatar
81 months ago
Is there a forum / wiki with a master list of breaches like this one?
https://haveibeenpwned.com/
Score: 2 Votes (Like | Disagree)
KPandian1 Avatar
81 months ago
It is not enough that so much personal data is given up by people on Facebook and other social media, they actually fall for a company that "puts it all together" with a selling slogan "Sharing Is Caring!"?

Love the fact that it is "local".
Score: 1 Votes (Like | Disagree)

Popular Stories

Generic iOS 18 Feature Real Mock

Apple Shares Full List of Over 250 New Features and Changes Coming With iOS 18

Wednesday September 11, 2024 7:16 am PDT by
Following its iPhone 16 event on Monday, Apple shared a PDF on its website with a list of all new features and changes coming with iOS 18. The list includes many features that were already announced, including Apple Intelligence, new customization options for the Home Screen and Control Center, a redesigned Photos app, several enhancements to the Messages app, a Passwords app, and more....
iphone 16 pro pro max

First iPhone 16 Carrier Deals Include iPhone 16/16 Pro For Free, $1,000 Off iPhone 16 Pro Max

Monday September 9, 2024 3:18 pm PDT by
Apple today announced the latest lineup of iPhones, including the iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max. Pre-orders for these devices begin September 13, and if you plan on ordering from a cellular carrier in the United States, there will be plenty of options for discounts from the major carriers. AT&T is offering the iPhone 16 and iPhone 16 Pro at no cost with...
iphone 16 pro models 1

Skipping the iPhone 16 Pro? Here's What's Rumored for iPhone 17 Pro

Wednesday September 11, 2024 8:20 am PDT by
Will you be skipping the iPhone 16 Pro and waiting another year to upgrade? If so, we already have some iPhone 17 Pro rumors for you. Below, we recap key new features rumored for the iPhone 17 Pro models so far: 24MP front camera for all iPhone 17 models: All four iPhone 17 models will feature an upgraded 24-megapixel front-facing camera, according to Apple supply chain analysts Ming-Chi...
iphone 16 lineup colors

Apple Discontinues iPhone 15 Pro, iPhone 15 Pro Max and iPhone 13

Monday September 9, 2024 2:09 pm PDT by
With the launch of the new iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max, Apple has discontinued some of its older iPhones. As of today, Apple is no longer selling the iPhone 13, and the iPhone 15 Pro and iPhone 15 Pro Max have been replaced with the iPhone 16 Pro and iPhone 16 Pro Max. The iPhone SE remains as Apple's most affordable device, with the iPhone 14 and iPhone...
16 pro

Apple Announces iPhone 16 Pro and iPhone 16 Pro Max with Larger Displays, New Camera Control, and More

Monday September 9, 2024 11:13 am PDT by
Apple today announced the iPhone 16 Pro and iPhone 16 Pro Max—its latest flagship smartphones—featuring larger displays, an all-new Camera Control button, and the A18 Pro chip. The iPhone 16 Pro has a 6.3-inch display, while the iPhone 16 Pro Max features a 6.9-inch display—the biggest iPhone display ever. The borders around the display are the thinnest of any Apple device. The...
airpods pro 2 pink

Apple Releases New AirPods Pro 2 Firmware With Support for iOS 18 Features

Tuesday September 10, 2024 11:40 am PDT by
Apple today released a new firmware update for the AirPods Pro 2, including both the Lightning and USB-C versions. The firmware has a build number of 7A294, up from 6F8, and it is available for all AirPods Pro 2 users. Apple has been beta testing this update, but it is launching ahead of when iOS 18 becomes available next Monday. There are multiple features that Apple is adding to the...
maxresdefault

Everything Apple Announced at Today's Event in 13 Minutes

Monday September 9, 2024 6:02 pm PDT by
Apple today held the "It's Glowtime" fall event to debut new iPhone 16 models, a new version of the Apple Watch, new AirPods, and more. It took Apple more than an hour and a half to introduce the new devices, but we've recapped everything in a quick 13 minute video for our readers who want a short but detailed overview of what's new. Subscribe to the MacRumors YouTube channel for more videos. ...