timehopThe company behind social media app Timehop has revealed its servers suffered a data breach in which the personal details of around 21 million users were stolen.

The company, whose service integrates with users' social media accounts to display photos and memories they may have forgotten about, said it became aware of the attack as it was happening in the early hours of July 4.

In a statement published on Saturday, the company said it was able to shut down its cloud servers two hours and twenty minutes into the attack, but not before a significant number of users' data was stolen.

Hackers made off with the names and emails of 21 million users and the phone numbers of 4.7 million users, but no private/direct messages, financial data, social media, photo content, or Timehop data including streaks were affected, according to the company.

However, the keys that enable the service to read and send social media content to users were compromised in the breach. Timehop has deactivated the keys as a security measure, but that means users will need to re-enable the app's permission to access their accounts if they want to continue using the service.

While we investigate, we want to stress two things: First: to date, there has been no evidence of, and no confirmed reports of, any unauthorized access of user data through the use of these access tokens.

Second, we want to be clear that these tokens do not give anyone (including Timehop) access to Facebook Messenger, or Direct Messages on Twitter or Instagram, or things that your friends post to your Facebook wall. In general, Timehop only has access to social media posts you post yourself to your profile. However, it is important that we tell you that there was a short time window during which it was theoretically possible for unauthorized users to access those posts - again, we have no evidence that this actually happened.

Notably, Timehop admitted that prior to the breach, the account login process on the compromised cloud server was not protected by multi-factor authentication.

Multi-factor authentication protocols are often used by companies handling large customer databases because they provide hardened security during login attempts by requesting that the user provides extra information only they would know.

The company said it had now reset all its passwords and added multi-factor authentication to all its cloud server accounts, and would continue to work with local and federal law enforcement officials to investigate the incident further.

Update 7/11: Timehop has disclosed that more user information was compromised in the same data breach, including date of birth and gender.

Top Rated Comments

mcdj Avatar
50 months ago
You know you’re old when 21 million people use something you’ve never even heard of.
Score: 12 Votes (Like | Disagree)
riverfreak Avatar
50 months ago
Amazeballs on so many levels. Storing user data unencrypted. They hadn’t been bothered to add MFA before but were able to do so in just a couple of days AFTER the breach. And the attackers got access to auth tokens.

Here’s some lessons kids. Don’t use the login with Facebook feature. Ever. The two seconds of convenience you’ll save just makes Facebooks data collection even more pervasive and pernicious.

Consider whether you really *need* any of these services. Consider whether you should really be connecting anything to social media accounts. Finally go to Facebook right now and try to understand the bizarro privacy settings. Download your data. Check out apps you’ve connected and delete ones you don’t use, recognize, or remember. And consider disabling the “Facebook Platform” option altogether.
Score: 8 Votes (Like | Disagree)
H3LL5P4WN Avatar
50 months ago
I shouldn't care, but I'm laughing myself into a hemorrhage over this.

I told my ex (and her BFF, and I think also his BF) numerous times to turn that garbage off, especially since Failbook and Google Photos have this exact feature built in (and since they're all millennials, FB and Snapchat are all they use).

I do feel bad that 21 million people had to suffer due to this particular posterior bite from Karma, however.
Score: 6 Votes (Like | Disagree)
MacDawg Avatar
50 months ago
Is there a forum / wiki with a master list of breaches like this one?
There was... but it was hacked and all the information was stolen

/jk
Score: 4 Votes (Like | Disagree)
augustrushrox Avatar
50 months ago
Is there a forum / wiki with a master list of breaches like this one?
https://haveibeenpwned.com/
Score: 2 Votes (Like | Disagree)
KPandian1 Avatar
50 months ago
It is not enough that so much personal data is given up by people on Facebook and other social media, they actually fall for a company that "puts it all together" with a selling slogan "Sharing Is Caring!"?

Love the fact that it is "local".
Score: 1 Votes (Like | Disagree)

Popular Stories

iOS 16 mock for article

Gurman: iOS 16 to Include New Ways of System Interaction and 'Fresh Apple Apps'

Sunday May 15, 2022 6:14 am PDT by
iOS 16 will include new ways of interacting with the system and some "fresh Apple apps," Bloomberg's Mark Gurman has said, offering some more detail on what Apple has in store for the upcoming release of iOS and iPadOS set to be announced in a few weeks at WWDC. In the latest edition of his Power On newsletter, Gurman wrote that while iOS 16 is not likely to introduce a major face-lift to...
maxresdefault

Unbox Therapy Shares Hands-On Look at iPhone 14 Pro Max Replica

Monday May 16, 2022 4:40 am PDT by
YouTuber Unbox Therapy has shared a hands-on look at the iPhone 14 Pro Max using what he claims is a one-to-one replica created by third-party case makers with access to detailed schematics and dimensions for Apple's new upcoming flagship smartphone. As with the iPhone 13 Pro lineup, in 2022, we are expecting a 6.1-inch iPhone 14 Pro and a 6.7-inch iPhone 14 Pro Max, but this time the Pro...
RIP iPod Feature

RIP iPod: A Look Back at Apple's Iconic Music Player Over the Years

Friday May 13, 2022 2:25 pm PDT by
Apple earlier this week announced the discontinuation of the iPod touch, and because it was the last iPod still available for purchase, its sunsetting effectively marks the end of the entire iPod lineup. To send the iPod on its way, we thought it would be fun to take a look back at some of the most notable iPod releases over the last 21 years. Original iPod (2001) Introduced in October...
macOS Monterey 2

Apple Releases macOS Monterey 12.4 With Support for Studio Display Webcam Update

Monday May 16, 2022 10:10 am PDT by
Apple today released macOS Monterey 12.4, the fourth major update to the macOS Monterey operating system that launched in October 2021. macOS Monterey 12.4 comes over two months after the launch of macOS Monterey 12.3, an update that added Universal Control. The ‌‌‌‌‌macOS Monterey‌‌ 12.4 update can be downloaded on all eligible Macs using the Software Update section of System...
iOS 15

Apple Releases iOS 15.5 and iPadOS 15.5 With Wallet and Podcast Updates

Monday May 16, 2022 10:00 am PDT by
Apple today released iOS 15.5 and iPadOS 15.5, the fifth major updates to the iOS and iPadOS 15 operating systems that were initially released in September 2021. iOS and iPadOS 15.5 come a little over two months after the launch of iOS 15.4 and iPadOS 15.4. The iOS 15.5 and iPadOS 15.5 updates can be downloaded for free and the software is available on all eligible devices over-the-air in...
airpodsprodesign

Kuo: AirPods, MagSafe Battery Pack, and Other Apple Accessories Also to Switch to USB-C in Future

Sunday May 15, 2022 5:59 am PDT by
Earlier this week, well-known Apple analyst Ming-Chi Kuo claimed that Apple plans to release at least one iPhone 15 model with a USB-C port in 2023. Now, in a follow-up tweet, he has claimed that accessories like AirPods, the MagSafe Battery Pack, and the Magic Keyboard/Mouse/Trackpad trio would also switch to USB-C in the "foreseeable future." Both the iPhone and all of the aforementioned...
apple tv 4k design green

Apple Releases tvOS 15.5 for Apple TV HD and Apple TV 4K

Monday May 16, 2022 9:57 am PDT by
Apple today released tvOS 15.5, the fifth major update to the tvOS operating system that first launched in September 2021. tvOS 15.5 comes more than two months after the release of tvOS 15.4, an update that brought support for captive WiFi networks. tvOS 15.5 can be downloaded over the air on the Apple TV through the Settings app by going to System > Software Update. ‌‌‌‌‌‌Apple...