Millions of accounts compromised after the digital nostalgia app Timehop got hacked

Millions of accounts compromised after the digital nostalgia app Timehop got hacked
Timehop, an app that allows you to go through a history of your past posts on various social media, was hacked on July 4th this year, says a post on the company's website. During the attack, account information of about 21 million users was stolen, including names, email addresses and phone numbers of those who used them to login to the app.

The developer ensures that the contents of the posts users compiled through it, called "memories", were not accessed. Another thing the hackers got were the "keys" that allow the app to show you posts from the sources you've chosen. These keys have been since deactivated, which makes them useless for the attackers. Users that have their phone numbers associated with the app are advised to contact their carrier and further secure their accounts, to prevent their number from being ported.

As an extra security measure, all accounts have been logged out. Users must login and re-authenticate each social media account they have connected to Timehop, in order to receive a new and secure key. However, many users are now reporting that they can't log in to their accounts at all, so it seems like the team has some more work before things are back to normal.

According to the release, the attack was detected and interrupted in less than 3 hours of its start. The information was stolen through an administrative account created by an unauthorized user on December 19, 2017. Since the creation of that account it was used four times for what Timehop calls "reconnaissance activities". These activities were not detected by the security software as no data was moved or copied. Logs are still being examined to determine exactly what happened during that time.   

Timehop system administrators have added the necessary protections for the accounts that didn't have them and are confident such an attack can't be repeated. 

Recommended Stories

source: Timehop via Cnet

July 12 update:

As a result of the ongoing investigation, Timehop has released additional information, specifying the type and amount of stolen data.

According to the company, the attackers also have dates of birth and gender information about some of its users. Here are some of the updated numbers:

  • 18.6 million addresses (not 21 million as originally reported);
  • 15.5 million dates of birth;
  • 3.3 million of the accounts had all of the following compromised: name, email, date of birth, phone number;

Full breakdown can be found in the source.

source: Timehop via 9to5mac

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless