The popular Facebook app Timehop, which highlights users’ old social media content has been hacked. The attack took place on the July 4 and resulted in the data of over 21 million users ending up in the hands of hackers. Due to the breach, Timehop has suspended all the social media permissions it held and has begun alerting its users.
In a blog post detailing the attack, Timehop claims to have discovered the attack while it was taking place. While the company was able to interrupt the attack, some user data was still taken. This data includes names, email addresses, and about 4.7 million user phone numbers. Timehop reports that no private/direct messages, financial data, or social media or photo content, or Timehop data including streaks were affected by the attack.
Timehop users who want to continue using the service will have to re-authenticate the Timehop apps they’re interested in keeping. Until affected users do this, as the apps no longer have permission, their apps will be running dormant. Any apps that are re-authenticated will receive a secure permissions chip, replacing the compromised chips affected by the breach.
The reasoning behind the breach seems to be an issue with the security of the cloud computing service Timehop was using:
“The breach occurred because an access credential to our cloud computing environment was compromised. That cloud computing account had not been protected by multifactor authentication…”
Timehop hasn’t released the specific details of the breach, but the lack of two-factor authorization means a hacker only needed to guess the password of the account to access all of the data.
This breach only highlights further the importance of taking adequate security measures to protect your data, with two-step authorization being a minimum level of security these days. Now could also be a good time to take a look at the permissions you’ve been giving to third-party apps via your social media and Google accounts. Apps like Timehop take our details and then we don’t even use them that often, while our details remain part of a database that is attractive to thieves and scammers. For information on how to secure your data, check out any of the Softonic tutorials below.
