Timehop database hack sees 21 million users' data stolen | Tech Security

Chemicloud Web Hosting

Web Hosting
timehop.jpg

A Timehop security breach has resulted in 21 million users’ data being compromised.


Jason Cipriani/CNET

Timehop revealed that its security was breached and 21 million of its users’ data was compromised.

The company behind the app — which shows what you shared, tweeted or Instagrammed in years past — said it fought off a “network intrusion” on July 4, but the names, email addresses, and some phone numbers of its users were taken.

About 4.7 million of those accounts had a phone number attached to them.

Timehop notes that none of its “memories” (the social media posts and photos the app stores) were accessed.

However, the “access tokens” that allow the app to link with social media sites such as Facebook, Twitter and Instagram were compromised — potentially allowing the thieves to view social media posts.

The company says it has no evidence that it has actually happened, but it has deauthorized all of the compromised tokens.

As a result of the breach, you’ll have to log back into Timehop next time you load up the app and re-authenticate each service you want to use with it.

Timehop recommends that if you had a phone number attached to your account, you should take extra steps to ensure that their number isn’t ported. In the worst case scenario, hackers could use the stolen number to access bank accounts.

Depending on the provider, adding a PIN to the account can secure the account. In other cases, the provider can limit limit the number’s portability.

hacks of the year","description":"From HBO to Equifax to the NSA, big hacks hit just about every industry in 2017.","slug":"worst-hacks-of-the-year","chapters":{"data":[],"paging":{"total":0,"limit":15,"offset":0}},"datePublished":"2017-12-12 19:52:06","duration":204,"hasCaptions":true,"mpxId":"","mpxRefId":"2KwTCCufDeHA3dCztoXtPsO2d2Wg9uBJ","ratingVChip":"TV-14","primaryTopic":{"id":"1c1fbb47-c387-11e2-8208-0291187b029a"},"author":{"id":"b163284d-6b73-44fc-b3e6-3da66c392d40","firstName":"Ashley","lastName":"Esqueda"},"primaryCollection":{"id":"e237b157-3c0d-4d7f-abd6-f0294260cf01","title":"Hacks"},"image":{"path":"https://cnet3.cbsistatic.com/img/y8TiA7eonMUtGWEQDQDlRYxT_-Q=/1280×720/2017/12/12/19492766-0d3d-422d-bb39-9eabe446c836/gettyimages-527099783.jpg"},"thumbnail":"https://cnet2.cbsistatic.com/img/VuuuOTuMQk2gHdqj5id_K06lLP4=/194×109/2017/12/12/19492766-0d3d-422d-bb39-9eabe446c836/gettyimages-527099783.jpg","isVertical":false,"m3u8":"/videos/manifest/worst-hacks-of-the-year.m3u8","mp4":"https://cnetmedia-a.akamaihd.net/21923/2017/12/22/1114359875799/EOY_BEST-HACKS-2017_1291371_740.mp4","selector":"/videos/selector/worst-hacks-of-the-year/","index":0}]”>


Now Playing:
Watch this:

Worst hacks of the year


3:24

The company says it has notified all EU users in accordance with GDPR.

The security breach was possible because an access credential to Timehope’s cloud computing environment hadn’t been protected by multifactor authentication, but the company says it is now.

Twitter had no comment on the breach.

Timehop nor Facebook didn’t immediately respond to requests for comment.

Phones are getting more valuable to hackers: A shift is coming.

 WPA3 Wi-Fi is here, and it’s harder to hack: That’s good, because the last update was during the George W. Bush administration.

You might also like More from author

Comments are closed.