If you're a Timehop user, we've got some really bad news. The app, which reminds you of your past social media postings, says it was hacked on July 4. Timehop says some 21 million users are affected by the data breach, which exposed information such as "names, email addresses, dates of birth, gender of users, country codes, and some phone numbers." SEE ALSO: Amazon patents hijack-proof delivery dronesIn a company blog post, Timehop says although it learned of the hack while it was happening and was able to interrupt it, "data was taken." The cause of the hack: Apparently, the company's cloud computing account wasn't protected by multi-factor authentication. Timehop says it's beefed up its security since the incident. (Now's a good time to remind you to set up two-factor authentication, aka 2FA, to protect your data for any apps and services that support it. There's really no reason not to.) Timehop says the "keys" that are used to link your social media accounts to the app were breached. As a result, the company's logged all users out of the app to reset the keys. Users will need to log back into all their accounts to re-link them. "Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content -- and we delete our copies of your “Memories” after you’ve seen them." Your social media content is safeAside from the aforementioned names, email, addresses, dates of birth, gender of users, country codes, and some phone numbers, it appears all other data is safe. "No private/direct messages, financial data, or social media, or photo content, or Timehop data including streaks were affected," the blog post states. Additionally, the company says no social media posts were accessed by the intruders. That covers any data from third-party services you may have linked to Timehop, such as Facebook, Instagram, Twitter, Google Photos, Swarm, Dropbox, etc. How to protect your potentially stolen phone numberThere are two ways to log into Timehop: with a Facebook account or your phone number. If, like me, you use Facebook to log into the app, your phone number is safe. "FB’s API wouldn’t have given a phone number to us, nor would it allowed the use of a phone number to access anything," Rick Webb, Timehop's COO, confirmed to Mashable over email. "On top of that, the tokens were invalidated before used." However, if you use your phone number as your sign-in, then it's been stolen by the hackers and you'll want to take extra measures to protect it from being ported. As 9to5Mac notes, ported numbers could be used to obtain 2FA codes for bank accounts. "Those who use a phone number as a login had their phone number compromised, but it is unrelated to their FB credentials," Webb said. Timehop says of the 21 million accounts that are affected by the hack, about 4.7 million of them have a phone number attached to them. Here's what Timehop recommends doing if you use your phone number as your login:
Should you be worried?Maybe. Even though Timehop has increased its security, the stolen data could still surface online. If your account is affected, make sure you keep an eye out for any suspicious activity. Timehop even warns there's a good chance the stolen data could surface (emphasis ours):
If you don't use Timehop, now's a good time to either delete your account or de-authorize any connected social media accounts. Both can be done from within the app's settings page. UPDATE: July 11, 2018, 1:11 p.m. EDT This story has been updated to include additional details on Timehop data that was obtained by hackers. Featured Video For You This cute robot is every hacker's ultimate nemesis |
Flinks
Links