Timehop’s July 4th data breach was even worse than the company originally reported. More personal user data — including users’ dates of birth and genders — was compromised, according to a report from TechCrunch.
An update to Timehop’s report confirms the additional breach. However, the company points out that while 21 million accounts were affected, not all accounts were compromised equally. For example, only 3.3 million accounts had the entirety of their name, email, phone, and date of birth taken, while the full 21 million accounts had at least their names leaked.
Timehop is reassuring users that even though their personal data may have been stolen, the company is positive that users’ content — the “memories” that are stored in the app — wasn’t breached. (It keeps those in a separate, and apparently more secure, database.) “That stuff is what we cared about, that stuff was protected,” Timehop’s COO Rick Webb said in an interview with TechCrunch. “We have to make a mental note to think about everything else” going forward.
Timehop is already working on preventing future breaches by heavily enforcing the use of two-factor authentication on its internal systems and encrypting its databases. For the users who had their data stolen, however, it’s a lot like closing the barn door after the horse has bolted.
Still, at least they’ll have fond memories of the breach to look forward to.