Timehop database hack sees 21 million users' data stolen

Around 4.7 million people- or one in five affected users- has also had their phone number attached to their account breached

These access keys link the Timehop account to various social media accounts from where Timehop pulls older social media posts and images. We learned of the breach while it was still in progress, and were able to interrupt it, but data was taken.

According to preliminary evidence from the investigation, the intrusion took place on December 19, 2017, when a hacker gained access to an admin account for Timehop's cloud infrastructure.

The company says there is no evidence that any of the stolen data has been used for criminal purposes, though of course any stolen email addresses and phone numbers could be abused in the future, dumped online for free, or sold on to other crooks in due course.

Breach reporting requirements are baked into Europe's recently updated data protection framework, the GDPR, which puts the onus firmly on data controllers to disclose breaches to supervisory authorities - and to do so quickly - with the regulation setting a universal standard of within 72 hours of becoming aware of it (unless the personal data breach is unlikely to result in "a risk to the rights and freedoms of natural persons").

Timehop revealed that its security was breached and that the data of 21 million users was compromised. Another thing the hackers got were the "keys" that allow the app to show you posts from the sources you've chosen.

Dick Cheney Signs Waterboarding Kit For Sacha Baron Cohen's New Show
Not only that, but he gets Cheney to sign a "waterboarding kit" in the clip for the series, which premieres on July 15th. Behind the elaborate setup is a genuine quest for the truth about people, places and politics.

The company said it has reset all its keys out of "abundance of caution", which will require users to re-authenticate their Timehop accounts before again using its service.

"If you have noticed any content not loading, it is because Timehop deactivated these proactively", the company writes. Surprisingly, the account the attacker initially used to access the servers was not secured with two-factor authentication (i.e. when you need to authorize a login in a second way, typically with a code or app on your phone). Furthermore, the company says it's communicating with local and federal law enforcement officials while working through everything.

The idea is that the app turns every day into an anniversary, reminding you of what you were doing on this day last year, three years ago, five years ago, and so on. Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don't store copies of your social media profiles, we separate user information from social media content - and we delete our copies of your "Memories" after you've seen them.

Timehop says that it is investigating what happened and conducting a complete audit. "By 4:23 pm, Timehop engineers had begun to implement security measures to restore services and lock down the environment". "As soon as the incident was recognized we began a program of security upgrades".

"The breach occurred because an access credential to our cloud computing environment was compromised", the company said. We will employ the latest encryption techniques in our databases.

Related:

Comments

Latest news

Ethiopia and Eritrea restore ties after 20 years of enmity
He said the Ethiopian leader's visit was "history in the making" and had "set the tone for rapid, positive changes". He has pardoned dissidents, lifted a state of emergency and pledged to partly privatize key state-owned firms.

Trump Administration Freezes Payments to Affordable Care Act Insurers with Sicker Patients
Still, insurers are grappling with changes that the Trump administration and Congress have made to Obamacare for 2019. The move brought a sharp response from health insurers warning of market disruptions and higher costs.

Starbucks: No more plastic straws
The recyclable lids are already in use in about 8,000 Starbucks locations in the United States and Canada , the company said. The move will eliminate more than one billion plastic straws per year from Starbucks stores, the company said.

Bihar girl raped for months by principal, two teachers and 16 students
The accused filmed the act and blackmailed the girl, saying they would make the video public if she informed anyone. However, a few days later, the alleged rapists shared the video with other school friends, the FIR said.

Meet Prince Louis's New Godparents
Both the Queen and the Duke of Edinburgh are to miss Prince Louis' christening later today, Buckingham Palace has confirmed . Proud parents the Duke and Duchess of Cambridge made their way into the service in London with their three children.

Duduzane Zuma granted R100,000 bail
It is alleged that Duduzane was a party to the crime because he was present when the offer was made to Jonas by Gupta . Former President Jacob Zuma's son Duduzane has been formally charged with corruption‚ his lawyer has confirmed.

At Least One Dead After Helicopter Crashes Into Townhouses, Causing Massive Fire
Authorities are responding to an aviation crash, possibly involving a helicopter, in a residential area in Virginia. The crash happened near the College of William and Mary Dillard Complex, prompting an alert from the university.

Xiaomi gets off to a slow start with Hong Kong IPO
Founded in 2010, Xiaomi was the fifth biggest smartphone maker in the world past year , according to research firm IDC. Mo Jia, a Shanghai-based analyst with industry consultancy Canalys, said the weak debut was to be expected.

Roger Federer vs Adrian Mannarino, Wimbledon 2018 live score and latest updates
Rodina, through to the fourth round of a Grand Slam for the first time, was 0-15 against top-20 ranked opponents before the win. I think I'm a pretty good returner, but maybe Roger is serving better than me, but it comes to the close points.

Montgomery County reports spike in West Nile activity
Young children, the elderly and those with lowered immune systems are at greater risk of severe symptoms. Make sure screens fit tightly over doors and windows to keep mosquitoes out of homes.

Travis Pastrana re-creates Evel Knievel jumps
To be here, in Las Vegas , so much of my history has been here. "This was definitely the coolest thing I've ever done". Pastrana surpassed Knievel's jump over 50 crushed cars, done at the Los Angeles Coliseum in 1973, by clearing 52 cars.

Phil Thompson urges Liverpool to sign Harry Maguire
Thompson, who has been impressed by Maguire, was full of praise for the Leicester man. He's also very comfortable on the ball. But I think he would be worth it.

Boris Johnson quits to add to pressure on May over Brexit
Meanwhile, some Remain-supporting politicians said the resignation was evidence of the need for a second referendum. After a visit to Downing Street on Sunday he concluded that he had no choice but to walk.

Chicago march leader says 'the people won today'
"This call to protest on the Dan Ryan, however well-intentioned, is reckless", Illinois State Police Director Leo Schmitz said . Police had warned earlier this week that any pedestrian who entered the expressway would face arrest and prosecution.

Pompeo urges North Korea's Kim to follow Vietnam's example
President Donald Trump was accused of forcing the North Korea summit "for headlines" by MSNBC host Joe Scarborough . The diplomatic disconnect makes it clear that the nations are not on the same page.

Other news