Timehop Data Breach Exposed Personal Data of 21 Million Users

Amidst the mess created by the alarming Typeform data breach, hackers have continued targeting other organizations as well. The last week was quite active owing to the recurrent confirmations from various firms affected by the massive Typeform breach. However, another service ‘Timehop’ exposed 21 million users’ details due to a different reason. The reason for Timehop data breach was a hack of their cloud computing.

Timehop Data Breach Leaked 21 Million Records

On July 4, 2018, the time capsule app ‘Timehop’ suffered a major cyber attack by some unknown hackers. Reportedly, this Timehop data breach exposed details of 21 million app users to the hackers. Although, the officials quickly noticed the network intrusion and interrupted the hackers’ access. Yet, they managed to steal a large chunk of data.

After the incident, Timehop officials uploaded the details on their website to inform their users and included a separate technical report with more specific details regarding information security.

According to the firm, the hackers managed to access their servers by exploiting a compromised access credential to their cloud computing environment that lacked ‘multi-factor authentication’. Although, the Timehop engineers intercepted the attack within 2 hours and 19 minutes after noticing the network intrusion the hackers still managed to access some of the users’ data in the meantime. As stated in their press release,

“Names, some email addresses, and some phone numbers belonging to our customers have been compromised. Additionally, “access tokens” provided to Timehop by our social media providers were also taken. These tokens could allow a malicious actor to view without permission some of your social media posts.”

Nonetheless, the service timely deactivated all such tokens to prevent misuse.

Memories And Photos Remained Safe In The Breach – Investigation Underway

Timehop assures its customers that the breached data does not contain any photographs, memories, social media posts, messages, account credentials, or any financial data. It also credits its secure policies for the limited breach.

“Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content – and we delete our copies of your “Memories” after you’ve seen them.”

To ensure users’ security, they quickly invalidated all API credentials. Moreover, they have also involved cybersecurity firms and federal enforcement officials to investigate the matter.

Timehop is a ‘time capsule’ app that collects users’ old social media posts. It lets the users view their memories from Facebook, Twitter, Instagram and Dropbox.

Let us know your thoughts in the comments section.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil