The Timehop breach was more serious than originally thought, the company has confirmed.
Besides phone numbers, usernames and email addresses that the company said were stolen, it has now realised that dates of birth and gender were also stolen.
The data breach saw more than 20 million user accounts compromised, however, no financial data was taken.
Discussing the breach with Tech Crunch, Timehop made it clear that this wasn't a separate data breach that saw dates of birth and gender taken. Instead, it was the same data breach – they just realised hackers took more than originally understood.
The company was quick (maybe a bit too quick) to disclose the fact that it was hacked, and stressed that the investigation is still ongoing. These are the results of that investigation.
On July 4, the service which puts people on the nostalgia train with old social media content has been hacked, and data on 21 million people exposed. The company said no financial data was compromised. Social media content is also safe, and Timehop says nobody tried to breach an account with this information.
It seems as the breach went through a company account used for cloud access. It lasted 19 minutes, after which Timehop managed to block the intruders.
“The breach occurred because an access credential to our cloud computing environment was compromised. That cloud computing account had not been protected by multifactor authentication," it said.
Image source: Shutterstock/Ai825