Data breach on Timehop app exposes details of 21 MILLION users

Timehop’s database breached compromising data of 21 million users

Timehop’s database breached compromising data of 21 million users

Once installed, Timehop links to all of your social media accounts including Twitter, Facebook, Instagram, Dropbox, Google Photos, iCloud, and photos stored locally on your PC. Timehop nonetheless shut down access to those access tokens as a precaution.

The stolen data comprised mostly of user names and email addresses.

From those affected users, the hackers also gained access to roughly 4.7 million phone numbers, the company wrote in a Sunday blog post.

Timehop said that the details were stolen because it didn't use two factor authentication (2FA) on its cloud computing login.

Timehop, a mobile app that surfaces old social media posts from the same day but from previous years, has announced a security breach affecting its entire userbase of over 21 million users.

At 2:04 US Eastern Time in the afternoon of the 4th of July 2018, Timehop observed a network intrusion.

It was closed down just two hours and 19 minutes later.

The firm claimed in a post over the weekend that it discovered a network intrusion on July 4, leading to the compromise of names, email addresses and phone numbers. The keys (access tokens) that allow Timehop to read and show your social media posts were compromised, so Timehop has disabled them. These keys have been since deactivated, which makes them useless for the attackers.

As a result, Timehop says users may have been logged out of the app to reset all of the keys. "In general, Timehop only has access to social media posts you post yourself to your profile", it adds.

Subscribe to alerts. A number of institutions that provide financial services, credit card issuers included, offer customers the chance to be notified when they detect suspicious activity.

TimeHop has now invalidated all API tokens and produced one of the most comprehensive security bulletins we've ever seen with a wealth of information including what the implications are under GDPR - or more specifically, that it's not entirely clear. On the upside, users' financial information, social media posts/photos, direct messages, and Timehop streaks remain secure and unaffected.

The groundwork for the attack was started back in mid-December when an unauthorized person used an authorized user's credentials to create a new administrative user account that could access Timehop's Cloud Computing Environment. We immediately conducted a user audit and permissions inventory; changed all passwords and keys; added multifactor authentication to all accounts in all cloud-based services (not just in our Cloud Computing Provider); revoked inappropriate permissions; increased alarming and monitoring; and performed various other technical tasks related to authentication and access management and more pervasive encryption throughout our environment.

"We have now taken steps that include multifactor authentication to secure our authorisation and access controls on all accounts", the blog post said.

Notícias recomendadas

  • Travis Pastrana re-creates Evel Knievel jumps

    Travis Pastrana re-creates Evel Knievel jumps

    EST Sunday on the History Channel . "I'm not done yet, but this was definitely the coolest thing I've ever been able to do". Maryland's own x-games star Travis Pastrana completes three of Evel Knievel's most outrageous stunts in just three hours.

    More Clues About Sacha Baron Cohen's New TV Show

    Cohen's new character and conceit for the show is being kept under wraps for now, but we can't wait to see what he's been up to. Asks a text slide in the teaser for Cohen's new show , which cuts to a montage of various, weird video shots.
    McLaren F1 drivers 'informed, not consulted' on changes - Fernando Alonso

    McLaren F1 drivers 'informed, not consulted' on changes - Fernando Alonso

    However, Brown said it is still possible that Fernando Alonso will push to complete his "triple crown" next year at the Indy 500. Brown said that Andrea Stella will be in charge on race weekends.
  • Amazon Prime Day: All you need to know

    Amazon Prime Day: All you need to know

    " Prime Day is an annual deals event just for Prime members, with more than one million deals worldwide". You can go to Amazon's website right now and create an account to try Amazon Prime for free for 30 days.
    Starbucks Eliminating Plastic Straws from All Stores by 2020

    Starbucks Eliminating Plastic Straws from All Stores by 2020

    Starbucks said the new strawless lids will first be implemented in Seattle and Vancouver in the third quarter of this year. Starbucks announced on Monday it plans to eliminate plastic straws from its 28,000 stores worldwide by 2020.
    6 held, SIT formed in Chhapra gang rape case

    6 held, SIT formed in Chhapra gang rape case

    Her father was away from home for the last six months, and the girl could not muster courage to approach the police. According to government records, 127 minors and women were subjected to rape in the first three months of 2018.
  • Who will Trump nominate to Supreme Court? Time, how to watch, livestream

    Who will Trump nominate to Supreme Court? Time, how to watch, livestream

    Supreme Court this year in a landmark ruling. "And it was one of the big factors that led to his election and holding the U.S. He has another potential advantage: he serves with Judge Maryanne Trump Barry - the president's sister - on the 3rd U.S.
    The British pound dives after Boris Johnson resigns as Foreign Secretary

    The British pound dives after Boris Johnson resigns as Foreign Secretary

    Mr Davis was praised last night by Tory MPs including Jacob Rees-Mogg, who said he would oppose Mrs May's Brexit proposals. British media reported that junior Brexit ministers Steve Baker and Suella Braverman had also resigned .
    Selena Gomez Is All Smiles After Justin Bieber's Engagement

    Selena Gomez Is All Smiles After Justin Bieber's Engagement

    Hearts were broken on Monday morning, not just because it's the start of a new work week, but because Canadian heartthrob Justin Bieber reportedly got engaged over the weekend.
  • UK Foreign Secretary Boris Johnson resigns

    UK Foreign Secretary Boris Johnson resigns

    Mr Johnson's shock departure was the second resignation of a Cabinet "big beast" in less than 24 hours, after Brexit secretary David Davis walked out late on Sunday.
    World Cup has broken ‘stereotypes’ about Russian Federation , says Putin; Fifa seconds it

    World Cup has broken ‘stereotypes’ about Russian Federation , says Putin; Fifa seconds it

    Reuters quoted student Artyom Osadchy as saying: "It was a great match". " Russia has fallen! Hug, cry. Fans spilling out of bars chanted " Russia ", dancing in the street and singing along as music blared.
    Prince Harry & Meghan Markle send wedding thank you cards

    Prince Harry & Meghan Markle send wedding thank you cards

    Meghan, The Duchess of Sussex wore a bold yellow dress on her latest outing with husband Harry, The Duke of Sussex. As it became known, the Duke and Duchess of Sussex sent out thank you letters straight from Kensington Palace .

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.