Published: Mon, July 09, 2018
Business | By Eloise Houston

Timehop’s database breached compromising data of 21 million users

Timehop’s database breached compromising data of 21 million users

On the upside, users' financial information, social media posts/photos, direct messages, and Timehop streaks remain secure and unaffected.

They did not carry out the attack until July 4, when the attacker transferred the compromised data and attacked Timehop's production database. These keys have been since deactivated, which makes them useless for the attackers.

Allowing any app to access all of your social media accounts requires trust, and that trust has been eroded this week with news Timehop suffered a security incident. Only 22% of its 21 million userbase -roughly 4.7 million users- had a phone number attached to their account.

According to its preliminary investigation of the incident, the attacker first accessed Timehop's cloud environment in December - using compromised admin credentials, and apparently conducting reconnaissance for a few days that month, and again for another day in March and one in June, before going on to launch the attack on July 4, during a United States holiday. According to the release, the attack was detected and interrupted in less than 3 hours of its start.

Timehop, an app which resurfaces memories from your past social media posts, says that it has been hacked. "To reiterate: none of your "memories" - the social media posts & photos that Timehop stores - were accessed".

"We have now taken steps that include multifactor authentication to secure our authorisation and access controls on all accounts", the blog post said. Work is now underway with security experts and law enforcement to not only minimize the impact, but also track down the attackers if possible. Doing so may end up leading to a bunch of content being inaccessible for a while whilst a new set of keys establishes itself.

Timehop, the app that lets you link your social media accounts to it and see what you posted/shared years ago, recently confirmed that it had a security breach on July 4, 2018, that exposed the names, email addresses, and phone numbers for its 21 million users. The intrusion was stopped, but not before data was stolen.

The company has also notified government authorities, contracted an outside firm and conducted its own investigation to learn more about the incident.

Timehop's already completed an initial audit of the situation and is now in the process of a more thorough one to analyze all of its security measures.

There is no such thing as flawless when it comes to cyber security but we are committed to protecting user data. We immediately began actions to deauthorize compromised access tokens, and as we describe below, are worked with our partners to determine whether any of the keys have been used.

Most people can't remember everything they post on Facebook, Twitter and Instagram. "We will employ the latest encryption techniques in our databases".

Like this: