If you're a Timehop user009 Archives we've got some really bad news. The app, which reminds you of your past social media postings, says it was hacked on July 4.
Timehop says some 21 million users are affected by the data breach, which exposed information such as "names, email addresses, dates of birth, gender of users, country codes, and some phone numbers."
SEE ALSO: Amazon patents hijack-proof delivery dronesIn a company blog post, Timehop says although it learned of the hack while it was happening and was able to interrupt it, "data was taken."
The cause of the hack: Apparently, the company's cloud computing account wasn't protected by multi-factor authentication. Timehop says it's beefed up its security since the incident.
(Now's a good time to remind you to set up two-factor authentication, aka 2FA, to protect your data for any apps and services that support it. There's really no reason not to.)
Timehop says the "keys" that are used to link your social media accounts to the app were breached. As a result, the company's logged all users out of the app to reset the keys. Users will need to log back into all their accounts to re-link them.
"Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content -- and we delete our copies of your “Memories” after you’ve seen them."
Aside from the aforementioned names, email, addresses, dates of birth, gender of users, country codes, and some phone numbers, it appears all other data is safe.
"No private/direct messages, financial data, or social media, or photo content, or Timehop data including streaks were affected," the blog post states.
Additionally, the company says no social media posts were accessed by the intruders. That covers any data from third-party services you may have linked to Timehop, such as Facebook, Instagram, Twitter, Google Photos, Swarm, Dropbox, etc.
There are two ways to log into Timehop: with a Facebook account or your phone number.
If, like me, you use Facebook to log into the app, your phone number is safe.
"FB’s API wouldn’t have given a phone number to us, nor would it allowed the use of a phone number to access anything," Rick Webb, Timehop's COO, confirmed to Mashable over email. "On top of that, the tokens were invalidated before used."
However, if you use your phone number as your sign-in, then it's been stolen by the hackers and you'll want to take extra measures to protect it from being ported. As 9to5Mac notes, ported numbers could be used to obtain 2FA codes for bank accounts.
"Those who use a phone number as a login had their phone number compromised, but it is unrelated to their FB credentials," Webb said.
Timehop says of the 21 million accounts that are affected by the hack, about 4.7 million of them have a phone number attached to them.
Here's what Timehop recommends doing if you use your phone number as your login:
If AT&T, Verizon, or Sprint is your provider, this is accomplished by adding a PIN to your account. See this article for additional information on how to do this.
If you have T-Mobile as your provider, call 611 from your T-Mobile device or 1-800-937-8997 and ask the customer care representative to assist with limiting portability of your phone number.
For all other providers, please contact your cell carrier and ask them how to limit porting or add security to your account.
Maybe.
Even though Timehop has increased its security, the stolen data could still surface online. If your account is affected, make sure you keep an eye out for any suspicious activity.
Timehop even warns there's a good chance the stolen data could surface (emphasis ours):
Timehop has retained the services of a well established cyber threat intelligence company that has been seeking evidence of use of the email addresses, phone numbers, and names of users, and while none have appeared to date, itis a high likelihood that they soon will appear in forums and be included in lists that circulate on the Internet and the Dark Web.
If you don't use Timehop, now's a good time to either delete your account or de-authorize any connected social media accounts. Both can be done from within the app's settings page.
UPDATE: July 11, 2018, 1:11 p.m. EDT This story has been updated to include additional details on Timehop data that was obtained by hackers.
Topics Cybersecurity Privacy
‘Jurassic World’: What was the headbutting dinosaur who saved the day?
Elon Musk sticks to Twitter bet to build world's biggest lithium
Robert Kirkman's super
'Black Australia' on Spotify celebrates Indigenous Australian musicians
Best Samsung deal: Save $60 on 64GB Samsung Galaxy Tab A9
Angela Merkel is the hero Donald Trump haters need
Dinosaur photoshoot is Tyrannosaurus Sexy
What to do when you're the victim of revenge porn
Amazon Pet Day: All the best deals
Robert Kirkman's super
This is the fattest of the extremely fat bears
Rooney Mara reveals she ate pie for the first time at 31
The 'Donutella Versace' is a monstrosity of a donut covered in gold flakes
The 'Third Thumb' prosthetic for anyone makes me really want an extra finger
NYT Connections Sports Edition hints and answers for April 26: Tips to solve Connections #215
Nike will sell sneakers directly on Instagram
This is Doomfist, the 25th 'Overwatch' hero
'Black Australia' on Spotify celebrates Indigenous Australian musicians
The Made in America iPhone: How much would it cost?
Apple rumored to switch to OLED displays for all iPhones next year
Jimmy Kimmel issues statement apologizing for Blackface sketchesApple's Big Sur macOS update adds big Safari redesign, Messages tweaksApple's privacyApple Maps will help drivers avoid redNYC taxis are taking a tip from Uber and pooling ridersJ.K. Rowling reveals exactly what she'd like to happen if Trump visits BritainFinally, there's an app to help you decode your match's messagesDrive an EV across the country using ultraLive blog: Apple reveals new software at WWDC 2020The best 2020 games so far to fill your summer lockdown hours9 of the most memorable late night moments from 2020 (so far)Donald Trump's tweet against London mayor manages to unite everyone in the UKJimmy Kimmel issues statement apologizing for Blackface sketchesMichael Moore wants whistleblowers to share their secrets on TrumpiLeaksRIP Segway PT: A look back at one of the goofiest vehicles everApple makes watchOS 7 official, with handwashing, sleep tracking, and dancingTrump blocked users on Twitter and now they're threatening legal actionDrive an EV across the country using ultraApple Maps will help drivers avoid redApple's privacy The New York Times lawyers are not having any of Donald Trump's lawsuit threats Solar storm is underway, with widespread Auroras possible Thursday and Friday Amazon to add 120,000 seasonal workers to handle your holiday shopping Hundreds of men take pledge to create the first 'city free from porn' Chris Rock announces two new Netflix stand Carrier accidentally sends Google Pixel phone a week early to lucky guy Alex Trebek seriously burns contestant for her music taste Samsung will credit you with $100 if you exchange your Note7 for another Samsung phone Watch Michelle Obama's entire speech on Trump and women Airline kicks passenger off plane for wearing Black Panther hat No contract required: U.S. customers can now buy an unlocked iPhone 7 from Apple This is why #Marmitegate is more important than you think America's favorite undecided voter Ken Bone is now a brand influencer Salary or equity? This website wants to help you understand startup job offers Elton John to pen 'first and only' memoir When Michelle Obama goes high, she takes every woman with her Melania Trump threatens to sue 'People' over sexual misconduct story Participant Media acquires Rainn Wilson's social good video platform SoulPancake 'Dragon Quest Builders' is for 'Minecraft' fans who want noble quests, too The Hover Camera is here, ready to shoot all your aerial selfies
2.2216s , 8224.03125 kb
Copyright © 2025 Powered by 【2009 Archives】,Steady Information Network