21 Million Users Affected by Timehop Data Breach

21 Million Users Affected by Timehop Data Breach

Timehop disclosed a security breach that has compromised the personal data, including names and emails, of its 21 million users

  • By Sydny Shepard
  • Jul 10, 2018

Timehop, a memory sharing smartphone app, disclosed a security breach that has compromised the personal data, including names and emails, of its 21 million users. Around a fifth of the affected users (4.7 million) have also had a phone number that was attached to their account breached in the attack.

Timehop is a smartphone application designed to resurface old posts from several social media accounts including Facebook, Twitter, Instagram and Google accounts as well as iCloud photos and videos.

The startup said it discovered the attack on July 4 as it was happening and was able to shut it down two hours later, but not before the data of millions was stolen.

According to the preliminary investigation of the incident, the attacker first accessed Timehop's cloud environment in December, using compromised admin credentials, and observed the system for a few days that month and then again in March and June before launching the attack on the 4th.

Timehop publically disclosed the breach in a blog post on Saturday and notified all users through the app on Monday morning. The app says no social media posts were breached during the attack, and the blog emphasizes that none of the content its service lifts from third party social networks was affected.

"With breaches happening every day, it’s nice to see an organization take steps which will help post-breach beyond the free year of credit card monitoring that has become the norm," Travis Smith, principal security researcher at Tripwire said. "Timehop took the time to understand the scope of the breach and what was impacted. This allowed them to deactivate the access keys which the attacker appeared to have been after."

While the social media posts were not affected, the keys that allow Timehop to read the posts were. Users will have to re-authenticate their social media platforms with the app in order to see their memories.

In order to protect the cloud computing environment from future attacks, the startup is implementing multifactor authentication to secure authorization and access controls on all accounts that did not previously have them.

“There is no such thing as perfect when it comes to cyber security but we are committed to protecting user data," the blog post read. "As soon as the incident was recognized we began a program of security upgrades.”

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • Data Driven, Proactive Response

    As cities face rising demands for smarter policing and faster emergency response, Real Time Crime Centers (RTCCs) are emerging as essential hubs for data-driven public safety. In this interview, two experts with deep field experience — Ross Bourgeois of New Orleans and Dean Cunningham of Axis Communications — draw on decades of operational, leadership and technology expertise to share how RTCCs are transforming public safety through innovation, interagency collaboration and a relentless focus on community impact. Read Now

  • Integration Imagination: The Future of Connected Operations

    Security teams that collaborate cross-functionally and apply imagination and creativity to envision and design their ideal integrated ecosystem will have the biggest upside to corporate security and operational benefits. Read Now

  • Smarter Access Starts with Flexibility

    Today’s workplaces are undergoing a rapid evolution, driven by hybrid work models, emerging smart technologies, and flexible work schedules. To keep pace with growing workplace demands, buildings are becoming more dynamic – capable of adapting to how people move, work, and interact in real-time. Read Now

  • Trends Keeping an Eye on Business Decisions

    Today, AI continues to transform the way data is used to make important business decisions. AI and the cloud together are redefining how video surveillance systems are being used to simulate human intelligence by combining data analysis, prediction, and process automation with minimal human intervention. Many organizations are upgrading their surveillance systems to reap the benefits of technologies like AI and cloud applications. Read Now

  • Right-Wing Activist Charlie Kirk Dies After Utah Valley University Shooting

    Charlie Kirk, a popular conservative activist and founder of Turning Point USA, died Wednesday after being shot during an on-campus event at Utah Valley University in Orem, Utah Read Now

Most   Popular

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.