Connect with us

Hi, what are you looking for?



Timehop Shares More Details on Data Breach

Timehop has shared additional details about the recent data breach that impacted roughly 21 million user accounts, including what the attackers did once they gained access to the company’s systems and what other type of information was compromised.

Timehop has shared additional details about the recent data breach that impacted roughly 21 million user accounts, including what the attackers did once they gained access to the company’s systems and what other type of information was compromised.

Timehop provides an application that shows users the photos, videos and posts they shared on the current day in previous years on Facebook, Instagram, Twitter and other websites.

Earlier this month, the company revealed that one or more malicious hackers gained unauthorized access to a database storing usernames, phone numbers, email addresses, and social media access tokens for all users, which could have been leveraged to access a user’s posts on social networking websites.

In response to the incident, Timehop invalidated social media tokens to prevent abuse and instructed users to re-authenticate each service.

In an update posted on Wednesday, Timehop revealed that dates of birth, genders, and country codes were also compromised in the incident.

The investigation is ongoing, but so far the company believes the attacker gained access to 20.4 million names, 15.5 million dates of birth, 18.6 million email addresses, 9.2 million gender designations, and 4.9 million phone numbers. Timehop listed separately the number of impacted PII records covered by the recently introduced GDPR.

According to Timehop, the attacker first accessed its systems on December 19, 2017, after stealing an employee’s credentials for the company’s cloud computing environment. The unauthorized access came from an IP address in the Netherlands.

Advertisement. Scroll to continue reading.

The hacker immediately started conducting reconnaissance, including scraping the list of roles and accounts, but the compromised environment had not stored any personal information.

Personal information was copied by Timehop to the compromised database in early April and the attacker only discovered it on June 22. On July 4, the hacker made a copy of the user database and then changed its password. These actions led to service disruptions and internal alerts being triggered, but it took nearly 24 hours for Timehop to determine that it had been breached after the first alert.

“[Timehop engineers] did not immediately suspect a security incident for two reasons that in retrospect are learning moments,” Timehop said. “First, because it was a holiday and no engineers were in the office, he considered it likely that another engineer had been doing maintenance and changed the password. Second, password anomalies of a similar nature had been observed in past outage. He made the decision that the event would be examined the next day, when engineers returned to the office.”

Related:Typeform Data Breach Hits Many Organizations

Related: HR Software Firm PageUp Suffers Data Breach

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.