Timehop suffers data breach with 21 million users compromised

Lack of two-factor authentication saw usernames, email addresses, social media tokens and 4.7 million phone numbers taken

Social media app Timehop has fallen victim to a "network intrusion" that could have affected some 21 million of its users because it didn't have multi-factor authentication.

The app, which provides a nostalgia service by resurfacing old photos and posts by connecting to your social media profiles, said it's cloud computing environment was hacked and the usernames, email addresses and the phone numbers of some 4.7 million accounts were taken.

"At 2:04 US Eastern Time in the afternoon of the 4th of July 2018, Timehop observed a network intrusion," the company said in a statement on its website.

"The breach occurred because an access credential to our cloud computing environment was compromised. That cloud computing account had not been protected by multifactor authentication. We have now taken steps that include multi-factor authentication to secure our authorisation and access controls on all accounts."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Timehop said the attack was detected two hours and nineteen minutes later and engineers were able to lock the hackers out of the system, but a considerable data breach had already taken place by then.

"Access tokens" which are allocated to Timehop by social media providers were also taken and could allow malicious actors to view social media posts of other users without permission.

The company said the stolen tokens can no longer be used as they have been terminated, but stressed that the tokens could not give anyone access to Facebook messenger or direct messages on Instagram or Twitter.

Timehop said it is continuing to investigate, but so far there had been no evidence to suggest any unauthorised access to users accounts.

Users of the service will have to login in again and re-authenticate each service they wish to use with Timehop which will generate a new token. For those that use a phone number as a login, Timehop recommends they take additional security precautions with their cellular provider.

According to a recent study, nearly two-thirds of organisations have admitted that they have still not implemented two-factor authentication. Although Gemalto's 2018 Authentication and Identity Management Index report found that adoption of two-factor authentication is increasing, just a third of staff are required to use it at the moment.

Advertisement - Article continues below

Picture: Shutterstock

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/technology/artificial-intelligence-ai/354796/ai-identifies-11-earth-bound-asteroids
artificial intelligence (AI)

AI identifies 11 earth-bound asteroids

18 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/business/business-operations/354790/hp-shareholders-invited-to-come-dine-with-xerox
Business operations

HP shareholders invited to come dine with Xerox

17 Feb 2020