Timehop, an app that resurfaces social media posts of the past, suffered a data breach on July 4th, the company revealed on Sunday. The data of 21 million users was stolen, including names, email addresses, and some phone numbers.
The hacker entered Timehop’s cloud computing account (which wasn’t protected by multifactor authentication), transferred data, and attacked Timehop’s production database. The company said that it noticed the breach two hours after it started and was able to interrupt it, but not before user data was stolen. Users’ private messages, financial data, social media content, and Timehop data were not affected.
The attacker actually begun accessing Timehop’s cloud computing account through an admin user’s credentials on December 19th last year and created a new admin account. They logged in twice in December, once in March, and once in June to survey Timehop’s cloud data, but they didn’t carry out an attack until July 4th.
While users’ personal data hasn’t been circulated online yet, Timehop says it’s employed a cyber threat intelligence company that will track whether the email address, phone numbers, and users’ names appear on forums and lists on the internet and the dark web.
Timehop says that the attacker could have also seen social media posts on your Facebook, Instagram, and Twitter, although there’s no evidence that it happened. “It is important that we tell you that there was a short time window during which it was theoretically possible for unauthorized users to access those posts,” the company said.
While Timehop’s access tokens to social media posts didn’t appear to be used by the attacker, users have been logged out of the app as a precaution. Timehop says it has shut down access, so you’ll need to reauthorize the app.
In response to the breach, Timehop has added multifactor authentication to its cloud-based accounts (including Google Photos and Dropbox), increased its monitoring, and informed law enforcement.