Timehop security breach leaked names, email addresses - here's what you can do

  • Timehop security breach leaked names, email addresses - here's what you can do

Timehop security breach leaked names, email addresses - here's what you can do

No financial data, private messages, direct messages, user photos, user social media content, social security numbers, or other private information was breached.

On July 4, Timehop discovered a network intrusion in process.

Timehop says its has notified all its European users of the breach. We have deactivated these keys so they can no longer be used by anyone - so you'll have to re-authenticate to our App. We learned of the breach while it was still in progress, and were able to interrupt it, but data was taken. In the worst case scenario, hackers could use the stolen number to access bank accounts. All of them had their names, email addresses and part of the access tokens used to collect information from their social media profiles compromised.

According to its preliminary investigation of the incident, the attacker first accessed Timehop's cloud environment in December - using compromised admin credentials, and apparently conducting reconnaissance for a few days that month, and again for another day in March and one in June, before going on to launch the attack on July 4, during a USA holiday.

If you previously signed in to Timehop with your phone number, you'll want to call your mobile carrier and set up a strong, unique account passcode to protect your account and prevent your number from getting ported, or otherwise tampered with.

Once installed, Timehop links to all of your social media accounts including Twitter, Facebook, Instagram, Dropbox, Google Photos, iCloud, and photos stored locally on your PC.

Timehop also stressed that the attacker likely did not use its access tokens to social media posts. "We have now taken steps that include multifactor authentication to secure our authorization and access controls on all accounts". Furthermore, the company says it's communicating with local and federal law enforcement officials while working through everything.

A massive data breach on Timehop app has exposed the private details of more than 21 million people, according to a new report.

The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service.

In fact, the Timehop breach happened before the Gentoo one. The attacker then created a new account and logged in four times: twice in December, once in March, and once in June. "As soon as the incident was recognized we began a program of security upgrades". We immediately began actions to deauthorize compromised access tokens, and as we describe below, are worked with our partners to determine whether any of the keys have been used.

In a separate blog post, the firm explained more on how the attack happened, specifically tracing it back to a compromised cloud platform credential. "We will employ the latest encryption techniques in our databases".