- Report finds some users can’t opt out of Facebook’s face recognition Monday 7:27 PM
- Get emotional over this real-life pastor baptizing an anime girl in virtual reality Monday 6:53 PM
- Twitter wants to know what Jack in the Box did to offend Kim Kardashian Monday 6:38 PM
- ‘Game of Thrones’ meme claims King’s Landing is an ‘inside job’ Monday 6:06 PM
- Report: Personal data of 49 million Instagram influencers exposed online Monday 4:57 PM
- ‘Stranger Things’ season 3 trailer teases a wet, hot American summer Monday 4:02 PM
- What Daenerys’ biggest ‘Game of Thrones’ scenes have in common with Nazi propaganda Monday 3:12 PM
- Here’s what’s coming to Amazon Prime in June Monday 2:11 PM
- Where did Jon Snow go? Unpacking the ‘Game of Thrones’ ending Monday 2:04 PM
- So, did anyone actually win ‘Game of Thrones’? Monday 1:29 PM
- The surprising religious subtext of ‘John Wick: Chapter 3’ Monday 12:53 PM
- Robin Arryn got hot—and the internet is seriously shook Monday 12:40 PM
- Tana Mongeau is going to VidCon a year after TanaCon disaster Monday 12:12 PM
- What have 2020 Democrats said about Alabama’s abortion ban? Monday 11:36 AM
- People keep throwing milkshakes at the U.K.’s far-right politicians Monday 11:10 AM
21 million users affected in Timehop data breach (updated)
Timehop, an app that resurfaces old social media posts for users, revealed that it suffered a security incident that affects 21 million of its customers. This Timehop data breach took place on the Fourth of July, and after discovering and assessing the extent of the issue, the company has revealed details about what happened.
Timehop has detailed the circumstances of its recent data breach in a post on its website. The company learned of the breach as it was happening, at which point engineers were able to disrupt the attack. However, information was still stolen, including the names and email addresses of users. Phone numbers of approximately 4.7 million users were also breached.
No “memories”—social media posts stored by Timehop—were accessed. No private or direct messages were accessed either. Keys that the app uses to show social media posts were compromised, so Timehop deactivated them. If you’re a Timehop user, you’ll need to re-authenticate the app for posts to show up again. (As a security precaution, Timehop also automatically logged all users out of their accounts in order to reset security keys.)
The breach happened when “an access credential to [Timehop’s] cloud computing environment was compromised.” That particular account wasn’t protected by multi-factor authentication; it, and other accounts are now.
According to Timehop, the “damage was limited” since the app only stores the data it absolutely needs in order for the service to run. It doesn’t store credit card or financial data, IP addresses, location data, or any copies of your social media account information. Clearly, if Timehop had been more careless with its security—or more zealous in what data it stored—this data breach could have been far worse.
Security breaches are increasingly becoming not an if, but a when in our digital age. It’s nice to see that, in the case of Timehop, it was able to act swiftly to mitigate its losses, and that it is being transparent with users about exactly what happened and what they need to do to ensure their data remains secure.
Update 12:01pm CT, July 13: In an updated assessment of its data breach shared on July 10, Timehop revealed that additional user information was accessed. This includes gender, date of birth, and country codes for some—but not all—compromised user accounts. A complete breakdown of the number and type of breached user records is available here.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.