Millions of accounts compromised after the digital nostalgia app Timehop got hacked

Millions of accounts compromised after the digital nostalgia app Timehop got hacked
Timehop, an app that allows you to go through a history of your past posts on various social media, was hacked on July 4th this year, says a post on the company's website. During the attack, account information of about 21 million users was stolen, including names, email addresses and phone numbers of those who used them to login to the app.

The developer ensures that the contents of the posts users compiled through it, called "memories", were not accessed. Another thing the hackers got were the "keys" that allow the app to show you posts from the sources you've chosen. These keys have been since deactivated, which makes them useless for the attackers. Users that have their phone numbers associated with the app are advised to contact their carrier and further secure their accounts, to prevent their number from being ported.

As an extra security measure, all accounts have been logged out. Users must login and re-authenticate each social media account they have connected to Timehop, in order to receive a new and secure key. However, many users are now reporting that they can't log in to their accounts at all, so it seems like the team has some more work before things are back to normal.

According to the release, the attack was detected and interrupted in less than 3 hours of its start. The information was stolen through an administrative account created by an unauthorized user on December 19, 2017. Since the creation of that account it was used four times for what Timehop calls "reconnaissance activities". These activities were not detected by the security software as no data was moved or copied. Logs are still being examined to determine exactly what happened during that time.   

Timehop system administrators have added the necessary protections for the accounts that didn't have them and are confident such an attack can't be repeated. 

source: Timehop via Cnet


July 12 update:

As a result of the ongoing investigation, Timehop has released additional information, specifying the type and amount of stolen data.

According to the company, the attackers also have dates of birth and gender information about some of its users. Here are some of the updated numbers:

  • 18.6 million addresses (not 21 million as originally reported);
  • 15.5 million dates of birth;
  • 3.3 million of the accounts had all of the following compromised: name, email, date of birth, phone number;

Full breakdown can be found in the source.

source: Timehop via 9to5mac

FEATURED VIDEO

4 Comments

1. md227a

Posts: 224; Member since: Mar 20, 2012

Do these hackers have anything better to do with their lives? I know the answer is no, but still got to say it

3. Brewski

Posts: 669; Member since: Jun 05, 2012

"...detected and interrupted in less than 3 hours of its start..." -GOOD!!!! "...on December 19, 2017..." -BAD!!!!!!! If they found it so soon why are we just hearing about it now 7 months later? When a company gets hacked and it effects "21 million users" they have an obligation to let their users know ASAP!

4. j2001m

Posts: 3061; Member since: Apr 28, 2014

The username was setup for the hack, on that date and the. The main hack was only just started, this is very normal in hacking, as it take time to work out the best way to get loads of data fast before the auto hacking stopping tool stop them.

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.