- The crushing effects of Trump’s abortion ‘gag rule’ on healthcare 1 Year Ago
- How to live stream Pacquiao vs. Thurman Today 6:20 AM
- Review: Hulu with Live TV ensures you always have something to watch Today 6:00 AM
- How to live stream UFC on ESPN 4: Rafael dos Anjos vs. Leon Edwards Today 5:49 AM
- 2020 Democrats refuse to answer our questions about ‘Cats’ Friday 4:14 PM
- Belle Delphine’s Instagram account removed after mass reporting campaign Friday 4:08 PM
- Mariah Carey refuses old-age FaceApp challenge Friday 3:19 PM
- Journalists horrified by consolidation of Gatehouse, Gannett Friday 3:12 PM
- Facebook and Google could be tracking you on porn sites Friday 1:42 PM
- 7 best sites for psychic love readings Friday 1:20 PM
- Driver demonstrates why you always need to read road signs Friday 12:58 PM
- Area 51 remix video proves it’s the summer of Lil Nas X Friday 12:26 PM
- ‘ICE will come’: Convenience store clerk threatens customers speaking Spanish Friday 12:11 PM
- Rand Paul dodges questions about 9/11 Victims Fund, says ‘watch Fox News’ Friday 11:51 AM
- Report: ‘Stranger Things’ season 4 to begin shooting in October Friday 11:03 AM
21 million users affected in Timehop data breach (updated)
Timehop, an app that resurfaces old social media posts for users, revealed that it suffered a security incident that affects 21 million of its customers. This Timehop data breach took place on the Fourth of July, and after discovering and assessing the extent of the issue, the company has revealed details about what happened.
Timehop has detailed the circumstances of its recent data breach in a post on its website. The company learned of the breach as it was happening, at which point engineers were able to disrupt the attack. However, information was still stolen, including the names and email addresses of users. Phone numbers of approximately 4.7 million users were also breached.
No “memories”—social media posts stored by Timehop—were accessed. No private or direct messages were accessed either. Keys that the app uses to show social media posts were compromised, so Timehop deactivated them. If you’re a Timehop user, you’ll need to re-authenticate the app for posts to show up again. (As a security precaution, Timehop also automatically logged all users out of their accounts in order to reset security keys.)
The breach happened when “an access credential to [Timehop’s] cloud computing environment was compromised.” That particular account wasn’t protected by multi-factor authentication; it, and other accounts are now.
According to Timehop, the “damage was limited” since the app only stores the data it absolutely needs in order for the service to run. It doesn’t store credit card or financial data, IP addresses, location data, or any copies of your social media account information. Clearly, if Timehop had been more careless with its security—or more zealous in what data it stored—this data breach could have been far worse.
Security breaches are increasingly becoming not an if, but a when in our digital age. It’s nice to see that, in the case of Timehop, it was able to act swiftly to mitigate its losses, and that it is being transparent with users about exactly what happened and what they need to do to ensure their data remains secure.
Update 12:01pm CT, July 13: In an updated assessment of its data breach shared on July 10, Timehop revealed that additional user information was accessed. This includes gender, date of birth, and country codes for some—but not all—compromised user accounts. A complete breakdown of the number and type of breached user records is available here.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.