Timehop reveals security breach affecting 21 million users
TAMPA, Fla. (WFLA) — A popular app for sharing memories is warning users about a security incident that happened last week resulting in a data breach.
Timehop, an app that allows users to view and share social media posts from the past, says the “network intrusion” happened on the Fourth of July.
The company says even though it learned about the breach as it was happening and interrupted it, data was still taken.
According to Timehop’s website, about 21 million users are affected. Data that was breached includes names, email addresses and some phone numbers. Private and direct messages, financial information and social media content were not impacted.
“None of your ‘memories’ – the social media posts and photos that Timehop stores – were accessed,” the company said in a statement online.
Timehop says keys that allow the app to read and show you previous social media posts were also compromised. Those keys have been deactivated and can no longer be used by anyone.
Timehop says users will have to re-authenticate on the app due to those deactivations.
“Because we have invalidated all API credentials, you will be asked to log in again to Timehop and re-authenticate each service you wish to use with Timehop. This will generate a new, secure token,” the company said. “Because your data’s integrity is our first priority, we have deauthorized tokens as quickly as possible.”
The company says it’s been working with security experts, incident response professionals, law enforcement and social media providers to make sure the impact on users is minimal.
“The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service,” the company statement said. “Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content – and we delete our copies of your ‘Memories’ after you’ve seen them.”
You can learn more about the incident on Timehop’s website, and can read the full technical report here.