Timehop — the social network for those who like to reminisce — has revealed that it fell victim to a security breach on Independence Day. The attacker managed to access an internal database stole the personal data of 21 million users from Timehop’s Cloud Computing Environment.
Timehop — the social network for those who like to reminisce — has revealed that it fell victim to a security breach on Independence Day. The attacker managed to access an internal database stole the personal data of 21 million users from Timehop’s Cloud Computing Environment.
The vast majority of those affected by the “security incident” (as Timehop refers to it) had their names and usernames exposed, but for nearly a quarter of them — 4.7 million — phone numbers were also exposed. The hacker also took access tokens which could be used to view users’ posts.
See also:
Timehop is keen to stress that it quickly deauthorized the stolen token, but it is impossible to say whether the hackers were able to access additional data before this happened. The hack could have been much worse had Timehop not detected it as quickly as it did. The site explains:
The groundwork for the attack was started back in mid-December when an unauthorized person used an authorized user’s credentials to create a new administrative user account that could access Timehop’s Cloud Computing Environment. On a couple of occasions after this, the attacker uses the account to “conduct reconnaissance” before unleashing the Independence Day attack. The site was quickly alerted when this attack started and started to lock down security in around two hours.
In a security notification about the incident Timehop informs users about the impact of what took place:
Timehop says that it is investigating what happened and conducting a complete audit. Following the attack, a number of new security measures have been introduced, including system-wide multi-factor authentication (many people will be concerned that this was not already in place). The company says:
Timehop has also provided a more detailed breakdown of the attack if you want to lean more about what happened.
Image credit: Piotr Swat / Shutterstock
