Some users’ phone numbers were also exposed.
Timehop, the app that lets you link your social media accounts to it and see what you posted/shared years ago, recently confirmed that it had a security breach on July 4, 2018, that exposed the names, email addresses, and phone numbers for its 21 million users.
In an official statement, Timehop says it was able to stop the attack but not before the above data was stolen. On the upside, users’ financial information, social media posts/photos, direct messages, and Timehop streaks remain secure and unaffected.
The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service. Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content – and we delete our copies of your "Memories" after you’ve seen them.
After Timehop detected and stopped the attack, it deauthorized the tokens it uses to communicate with your social media profiles. As such, you’ll need to re-link all of your accounts the next time you open the Timehop app.
Most of the affected users had their social media names (not full legal ones) and email addresses compromised, but phone numbers were only stolen if you logged into the Timehop app using your phone number. If you did that, Timehop recommends contacting your wireless carrier to make sure your number can’t be ported somewhere else.
According to Timehop, "there has been no evidence of, and no confirmed reports of, any unauthorized access of user data through the use of these access tokens."
Timehop’s already completed an initial audit of the situation and is currently in the process of a more thorough one to analyze all of its security measures. Furthermore, the company says it’s communicating with local and federal law enforcement officials while working through everything.
July 9, 2018 at 04:13AM