Hackers Compromise Data of 21 Million ‘Timehop’ Users

Attackers also obtain phone numbers of 4.7 million account holders

More than 21 million users of the popular cell phone app “Timehop,” which highlights old social media posts, had their data compromised last week after the company says it was targeted by hackers.

In a blog post published Sunday, Timehop revealed its network was breached on July 4 for over two hours.

“The breach occurred because an access credential to our cloud computing environment was compromised,” the blog states. “That cloud computing account had not been protected by multifactor authentication.”

The hackers were able to obtain 21 million users’ names and email addresses during the attack, with 4.7 million of those users also having their phone numbers stolen.

Timehop adds that while access tokens were also taken, the company has since rendered them useless through de-authorization.

“While we investigate, we want to stress two things: First: to date, there has been no evidence of, and no confirmed reports of, any unauthorized access of user data through the use of these access tokens,” Timehop said. “Second, we want to be clear that these tokens do not give anyone (including Timehop) access to Facebook Messenger, or Direct Messages on Twitter or Instagram, or things that your friends post to your Facebook wall.”

The company also stressed that no accounts had been accessed “without authorization.”

“No financial data, private messages, direct messages, user photos, user social media content, social security numbers, or other private information was breached,” the company said.

Timehop has advised users who had their phone number linked to the app to contact their cell service providers in order to lock down their accounts.

The blog post further notes that local and federal law enforcement officials have been called in to investigate the matter as well.


Got a tip? Contact Mikael securely: keybase.io/mikaelthalen