Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Timehop Data Breach Hits 21 Million Users

Timehop informed users late last week that hackers gained unauthorized access to some of its systems as part of an attack that impacts roughly 21 million accounts.

Timehop informed users late last week that hackers gained unauthorized access to some of its systems as part of an attack that impacts roughly 21 million accounts.

New York-based Timehop has created an application that shows users the photos, videos and posts they shared on the current day in previous years on Facebook, Instagram, Twitter and other websites. The app also allows users to share these memories with their friends.

Timehop hacked

According to Timehop, the attacker accessed a database storing usernames, phone numbers, email addresses and social media access tokens. The incident affects approximately 21 million accounts, but only social media access tokens were exposed for all of them. Roughly 4.7 million accounts included phone numbers.

The compromised tokens can allow a malicious actor to access some of the targeted user’s social media posts, but they do not provide access to private messages. Moreover, Timehop has highlighted that there is no evidence of any unauthorized access using these tokens.

“In general, Timehop only has access to social media posts you post yourself to your profile. However, it is important that we tell you that there was a short time window during which it was theoretically possible for unauthorized users to access those posts – again, we have no evidence that this actually happened,” Timehop said.

The compromised tokens have been invalidated so users will have to re-authenticate each service with Timehop, a process that will generate new tokens.

The breach was discovered on July 4, but an investigation conducted by the company showed that the attack started as early as December 19, 2017, when hackers obtained admin credentials for cloud computing services used by Timehop.

“This unauthorized user created a new administrative user account, and began conducting reconnaissance activities within our Cloud Computing Environment. For the next two days, and on one day in March, 2018, and one day in June, 2018, the unauthorized user logged in again and continued to conduct reconnaissance,” the company explained.

Advertisement. Scroll to continue reading.

The malicious activity was detected on July 4 after the attacker accessed a production database and started transferring data, which triggered an alarm.

Timehop says it took just over two hours to contain the incident after it was detected. The company has launched an investigation in collaboration with law enforcement, an incident response firm, and a threat intelligence company. Timehop has published both high-level and more technical reports on the incident.

The company has also retained the services of GDPR specialists to help it address the implications of the breach in Europe.

Related: Typeform Data Breach Hits Many Organizations

Related: HR Software Firm PageUp Suffers Data Breach

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.