timehop
A Timehop data breach affected 21 million users. A mobile phone screen displays the icons for the social networking apps taken in Manchester, England on March 22, 2018. Oli Scarff/AFP/Getty Images

Timehop is supposed to be a fun, simple way to keep track of what you used to post on social media and occasionally take a walk down memory lane. However, as people were drinking, grilling, and setting off fireworks last week, the social media archival app experienced a massive data breach that could have compromised millions of users’ information.

All the pertinent details of the breach were outlined in a blog post on Timehop’s website over the weekend. According to Timehop, the breach was detected in the early afternoon of July 4. Two hours and 19 minutes later, it was over, but not before tens of millions of users were affected by the attackers.

In all, 21 million accounts were breached, each with a name and email attached to them. A smaller portion of those affected, around 4.7 million, had phone numbers attached to their accounts. Those phone numbers were also breached.

Timehop noted that many of the names associated with the hacked accounts were not full, legal names, but rather social media monikers that might not be as sensitive. The app startup wrote in its blog post that especially important things like “financial data, private messages, direct messages, user photos, user social media content, social security numbers, or other private information” were not acquired by whoever committed the hack.

timehop
A Timehop data breach affected 21 million users. A mobile phone screen displays the icons for the social networking apps Facebook, Twitter and Instagram, taken in Manchester, England on March 22, 2018. Oli Scarff/AFP/Getty Images

The attackers also got access to digital “keys” that gave Timehop permission to dig up users’ old social media posts, so Timehop deactivated those. Users will have to re-authenticate with the app upon logging in again. The app recommends that anyone who used a phone number to log in contact their service provider to shore up their security.

Whoever carried out the attack got started in December 2017 by logging into the app’s cloud computing provider with an “authorized administrative user’s credentials.” Timehop detailed its investigation into the matter in exacting detail in a separate blog post, which can be read here. Timehop told TechCrunch that the entire user base will get an email warning them about the breach, for the sake of transparency.

Founded in 2011, Timehop lets users see what they posted on Facebook, Twitter, or Instagram a year ago to the day they check the app. Timehop allows users to build up “streaks” of consecutive days logging into the app; according to Timehop, these streaks will not be affected by the breach.

RELATED STORIES
Instagram Software Facebook Twitter