Join NexChange - the professional
network for the financial services
industry - and receive a free one-
year subscription to Forbes
Hackers Steal Personal Data From 21 Million Users of Tech Startup's App
Among the user data that was compromised includes dates of birth, gender, country codes, some phone numbers, email addresses and names. The company says that no private/direct messages, financial data, social media or photo content had been compromised.
According to its blog post, Timehop “observed a network intrusion” at 2:04 PM US Eastern Time caused by a compromised access credential to its cloud computing environment. The company indicates that this particular cloud computing account had been unprotected by “multifactor authentication,” but that it has “now taken steps that include multifactor authentication to secure our authorization and access controls on all accounts.”
After the attack was detected, Timehop’s engineers responded to the event and shut down the service. The company says that it has “been working with security experts and incident response professionals, local and federal law enforcement officials, and our social media providers to assure that the impact on our users is minimized.”
The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service. Timehop has never stored your credit card or any financial data, location data, or (with respect to advertising) IP addresses (but we do log IP addresses for network audit purposes as described in our Terms of Service) ; we don’t store copies of your social media profiles, we separate user information from social media content – and we delete our copies of your “Memories” after you’ve seen them.
As TechCrunch notes, Timehop did not immediately disclose that its network had suffered a security breach, initially saying on Twitter that it had been shutdown because of “unscheduled maintenance.”
We are currently doing some unscheduled maintenance on Timehop. You may have some issues accesing the app until further notice. Please follow this account for updates. Thank you for your patience!
— Timehop (@timehop) July 8, 2018
Users give Timehop access to its photos and social media accounts to archive its content. The New York City-based company has received about $14.1 million in funding to date, according to Crunchbase data.