Millions of accounts compromised after the digital nostalgia app Timehop got hacked

Timehop, an app that lets you look back through your past posts on various social media services, was hacked on July 4th this year, according to a post on the company's website. During the attack, account information of about 21 million users was stolen, including names, email addresses, and the phone numbers of those who used them to log in to the app.

The developer assures users that the contents of the posts compiled through the app, called "memories", were not accessed. The hackers also obtained the "keys" that allow the app to show you posts from the sources you've chosen. These keys have since been deactivated, which makes them useless to the attackers. Users who have a phone number associated with the app are advised to contact their carrier and further secure their accounts to prevent their number from being ported.

As an extra security measure, all accounts have been logged out. Users must log in and re-authenticate each social media account they have connected to Timehop in order to receive a new and secure key. However, many users are now reporting that they can't log in to their accounts at all, so it seems the team has more work to do before things are back to normal.

According to the release, the attack was detected and interrupted less than 3 hours after it started. The information was stolen through an administrative account created by an unauthorized user on December 19, 2017. After its creation, that account was used four times for what Timehop calls "reconnaissance activities". These activities were not detected by the security software because no data was moved or copied. Logs are still being examined to determine exactly what happened during that time.

Timehop system administrators have added the necessary protections for the accounts that didn't have them and are confident such an attack can't be repeated. 

source: Timehop via Cnet


July 12 update:

As a result of the ongoing investigation, Timehop has released additional information, specifying the type and amount of stolen data.

According to the company, the attackers also have dates of birth and gender information about some of its users. Here are some of the updated numbers:

  • 18.6 million addresses (not 21 million as originally reported);
  • 15.5 million dates of birth;
  • 3.3 million of the accounts had all of the following compromised: name, email, date of birth, phone number.

Full breakdown can be found in the source.

source: Timehop via 9to5mac
