21 Million Impacted in Timehop Data Breach

I’m a loyal Timehop user. The app links to your social accounts — Facebook, Twitter, Instagram — and shows you what you were up to on a given day in years past. (Facebook later coopted this idea in a feature named … On This Day. It wasn’t a very creative aping.) It has a dinosaur mascot. It’s yellow and cheery and has a streak feature that gasifies checking in on past-life me once a day. Over the weekend, all my social accounts disconnected from Timehop. I assumed it was a glitch and groaned, knowing re-logging in was going to involve a lot of digging through my password keeper — you should have one! — to rectify the situation. As it turns out … it wasn’t a glitch. The app was breached on the Fourth of July, prompting the app to ask all users to log back in.

As many as 21 million people were impacted by the hack, Timehop explained in a post on its website. This included names, email addresses, and phone numbers but did not include “private/direct messages, financial data, or social media or photo content.” Timehop said it took a little over two hours to stop the attack and it is working with a “cyber threat intelligence and dark web research firm” to monitor if any of the breached information ends up online.

From Timehop:

At 2:04 US Eastern Time in the afternoon of the 4th of July 2018, Timehop observed a network intrusion. The breach occurred because an access credential to our cloud computing environment was compromised. That cloud computing account had not been protected by multifactor authentication. We have now taken steps that include multifactor authentication to secure our authorization and access controls on all accounts.

Not quite Equifax, but still. Mind your passwords, folks.

21 Million Impacted in Timehop Data Breach