21 Million Timehop Users Affected by Data Breach
On July 4, most Americans celebrated Independence Day with fireworks and cookouts, but 21 million Timehop users had their personal data compromised in a data breach that day.
The company discovered the breach as it was happening and was able to shut off the unauthorized access in just over two hours, but that was enough time for the hackers to steal the names and email addresses of nearly all of their users. It is also believed the hackers secured the phone numbers of nearly 4.7 million customers.
Timehop is an app that collects old posts and photos from users’ Facebook, Instagram, Twitter, and Dropbox accounts, and allows users to re-share these posts on social media.
Initially, “access tokens” were also stolen, which allowed the hackers to view users’ social media posts and photos, but the company has since deactivated these tokens.
The company said there is no evidence that accounts have been accessed by unauthorized users, and they are working with security experts and law enforcement officials to investigate the issue. They also logged all users out of the app to force them to re-authenticate the app and to reset all keys.
The startup has also added multi-factor authentication to its cloud server accounts, which may have prevented this breach.
“The breach occurred because an access credential to our cloud computing environment was compromised. That cloud computing account had not been protected by multifactor authentication. We have now taken steps that include multifactor authentication to secure our authorization and access controls on all accounts,” the company stated on its blog.
For users who have had their phone number compromised, the company is advising them to take additional precautions. AT&T, Sprint and Verizon customers can add a PIN to their account, and T-Mobile users should call customer service to request that the portability of their phone number be limited.