Timehop, a smartphone app that helps keep track of social media photos from the past, disclosed that their network had a data breach. The announcement was made on a blog post published Sunday, July 8th, 2018, a few days after the breach occurred on a holiday, July 4th, 2018. Timehop states that they had learned of the data breach while it was still in progress and managed to stop the hacker, but some data was disclosed and taken.
The blog post states that the breach occurred through access of their cloud computing account that was not protected by multifactor authentication. The attack was terminated two hours and nineteen minutes after it was detected.
The data taken includes names, email addresses, and phone numbers. The breach affects roughly 21 Million of Timehop’s users. Luckily, no private or direct messages, financial data, social media photo content, or Timehop data including streaks were leaked. The Company has already taken protective measures, disabling “access tokens,” which allows the Timehop user to link the app to other social media platforms, and has frozen user streaks temporarily and maintained them while the breach is being investigated. It has also invalidated all API credentials, meaning users will have to log in to Timehop and re-authenticate each service that users want to access with Timehop.
Timehop is currently working with local and federal enforcement officials to investigate the security breach and has included multifactor authentication to secure authorization and access controls on all accounts.