Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Timehop Data Breach Hits 21 Million Users

Timehop informed users late last week that hackers gained unauthorized access to some of its systems as part of an attack that impacts roughly 21 million accounts.

Timehop informed users late last week that hackers gained unauthorized access to some of its systems as part of an attack that impacts roughly 21 million accounts.

New York-based Timehop has created an application that shows users the photos, videos and posts they shared on the current day in previous years on Facebook, Instagram, Twitter and other websites. The app also allows users to share these memories with their friends.

Timehop hacked

According to Timehop, the attacker accessed a database storing usernames, phone numbers, email addresses and social media access tokens. The incident affects approximately 21 million accounts, but only social media access tokens were exposed for all of them. Roughly 4.7 million accounts included phone numbers.

The compromised tokens can allow a malicious actor to access some of the targeted user’s social media posts, but they do not provide access to private messages. Moreover, Timehop has highlighted that there is no evidence of any unauthorized access using these tokens.

“In general, Timehop only has access to social media posts you post yourself to your profile. However, it is important that we tell you that there was a short time window during which it was theoretically possible for unauthorized users to access those posts – again, we have no evidence that this actually happened,” Timehop said.

The compromised tokens have been invalidated so users will have to re-authenticate each service with Timehop, a process that will generate new tokens.

Advertisement. Scroll to continue reading.

The breach was discovered on July 4, but an investigation conducted by the company showed that the attack started as early as December 19, 2017, when hackers obtained admin credentials for cloud computing services used by Timehop.

“This unauthorized user created a new administrative user account, and began conducting reconnaissance activities within our Cloud Computing Environment. For the next two days, and on one day in March, 2018, and one day in June, 2018, the unauthorized user logged in again and continued to conduct reconnaissance,” the company explained.

The malicious activity was detected on July 4 after the attacker accessed a production database and started transferring data, which triggered an alarm.

Timehop says it took just over two hours to contain the incident after it was detected. The company has launched an investigation in collaboration with law enforcement, an incident response firm, and a threat intelligence company. Timehop has published both high-level and more technical reports on the incident.

The company has also retained the services of GDPR specialists to help it address the implications of the breach in Europe.

Related: Typeform Data Breach Hits Many Organizations

Related: HR Software Firm PageUp Suffers Data Breach

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.