Popular application Timehop is something a lot of people use in order to look back at posts in famous social media sites – but it appears even Timehop isn’t safe from malicious attackers intent on harming its users. It appears a huge data breach allowed hackers to steal data from as much as 21-million users.
If you’ve ever been the nostalgic kind of person, you’ve likely used Timehop to keep track of your social media activity in the past. Timehop is a popular application that gets integrated into your social media networks and reminds you of posts you’ve made in the same day throughout the years. Unfortunately, it’s also the same app that suffered a data breach courtesy of an attacker just this July 4. The attack resulted with the hacker grabbing a database that has information such as the usernames and email addresses of around 21-million users. Of those users, 4.7-million of them have phone numbers linked to their account, which is the same number they use to log into their Facebook profiles.
The hacker in question also grabbed access to keys and tokens, which are files Timehop use to display and access posts from Facebook, Instagram, and Twitter. When the breach was realized by Timehop, the application quickly deactivated the usage of the tokens – which means the hacker couldn’t use those tokens to get data from iCloud, Google Photos, and Dropbox.
Unfortunately, Timehop has yet to find the culprit responsible for the attacks, and there’s no evidence that the attacker wasn’t able to access any of these accounts during that timespan.
What’s perhaps troubling is the nature of the attack itself, because even basic security measures weren’t enabled. A similar instance happened back in December, when an unauthorized person were actually able to use administrative logins to access Timehop’s cloud computing servers to create a brand new administrative account. Over the next few months, that same account were able to snoop in Timehop’s data just before launching its attack.
Interestingly, the account the hacker was able to access the cloud server in the first place wasn’t using two-factor authentication, where users will have to authorize accounts a second way after the password such as a code to a mobile device. This prompted Timehop to now enable using multifactor authentication across all its user attacks.
Timehop said they were able to discover and halt the breach two (2) hours after it begun, and it cleared out that no financial information, streaks of Timehop data, and private messages were compromised. Timehop said this is because the app deletes its own copies of photos and old posts once they have seen. The app doesn’t store data like IP addresses, location data, and credit card information as well.
You May Also Like: