"At 2:04 US Eastern Time in the afternoon of the 4th of July 2018, Timehop observed a network intrusion".
Social media aggregation site Timehop has revealed a major breach of customers' personal information affecting 21 million users. During the attack, account information of about 21 million users was stolen, including names, email addresses and phone numbers of those who used them to login to the app.
Timehop stressed that private messages, financial data, social media content, and Timehop data were compromised. Timehop also pointed out that there was no indication that any account was illegitimately accessed. The company said a hacker gained access to its infrastructure and stole details on its users that included usernames, emails, telephone numbers, and access keys.
"We have now taken steps that include multifactor authentication to secure our authorization and access controls on all accounts", the company said, noting that this applied to all accounts, not just in those in their cloud environment. It has automatically logged everyone out in order to reset security keys.More news: China hits back after USA imposes tariffs worth $34bn
These "keys" allow Timehop to read and show people's social media posts, but not their private messages.
After Timehop detected and stopped the attack, it deauthorized the tokens it uses to communicate with your social media profiles.
TimeHop, an add-on for Facebook which reminds users of all the things that happened to them in the past, remains hugely popular despite Facebook itself now offering similar functionality within the main interface.
Access tokens to your social media and online photo services.More news: Amazon Prime Day: All you need to know
"The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service". "But this employee was here for so long, from back when we were just a baby company, so it seems something got overlooked", he adds. Timehop is in cooperation with local and federal law enforcement officials to investigate further on the breach, and to enhance its security upgrades. We learned of the breach while it was still in progress, and were able to interrupt it, but data was taken.
The company's post, however, does not make clear if it notified affected users before publicly announcing the breach on Twitter and its own website days after the attack took place. "We have retained and have been working closely with our European-based GDPR specialists to assist us in this effort".
Timehop users who are anxious the network intrusion and data breach might have impact their "Streak" - aka the number Timehop displays to denote how many consecutive days they have opened the app - are being reassured by the company that "we will ensure all Streaks remain unaffected by this event".
The stolen data comprised mostly of user names and email addresses.More news: How significant is Trump's Supreme Court pick?
- Trump administration takes another swipe at 'ObamaCare'
- Jailed Iran teen 'confesses' to immoral Instagram dance videos
- After initial tests, HIV vaccine trial on 2600 African women
- France v Belgium: Goalscorers take the eye in Saint Petersburg
- Alexander Zverev defeats Taylor Fritz in Wimbledon second round
- West Nile Virus Found in Mosquitoes in Worcester, Auburn
- The last straw? Starbucks pledges to eliminate plastic straws globally by 2020
- Rafael Nadal reaches quarter-finals of Wimbledon
- Britain's Prince Louis' godparents announced
- Adepoju feels sorry for Russian Federation after Croatia loss