Timehop breach exposes millions of user details

null

Social media tool Timehop has announced a major data breach, with sensitive personal data of millions of customers exposed. On July 4, the service which puts people on the nostalgia train with old social media content has been hacked, and data on 21 million people exposed.

That data includes phone numbers, usernames and email addresses. The company said no financial data was compromised. Social media content is also safe, and Timehop says nobody tried to breach an account with this information.

"A small number of records included a name, a phone number, and an email address; a somewhat larger number included a name and phone number; a larger number included a name and an email address," the company said. "No financial data, private messages, direct messages, user photos, user social media content, social security numbers, or other private information was breached."

It seems as the breach went through a company account used for cloud access. It lasted 19 minutes, after which Timehop managed to block the intruders.

“The breach occurred because an access credential to our cloud computing environment was compromised. That cloud computing account had not been protected by multifactor authentication," it said.

To mitigate the damage, the company had to void all social media authorisation tokens. Those that would like to use Timehop again will need to reauthenticate each service.

Image Credit: Balefire / Shutterstock