Published: Mon, July 09, 2018
Money | By Ralph Mccoy

Nostalgic social network 'Timehop' loses data from 21 million users

"No private/direct messages, financial data, or social media or photo content, or Timehop data including streaks were affected", the firm added.

"On July 4, 2018, the attacker(s) conducted activities including an attack against the production database, and transfer of data".

However, the access tokens that allow the app to link with social media sites such as Facebook, Twitter and Instagram were compromised, potentially allowing the thieves to view social media posts.

The breach also led to a loss of access tokens that the service uses to access users' posts on other social networks.

The company says there is no evidence that any of the stolen data has been used for criminal purposes, though of course any stolen email addresses and phone numbers could be abused in the future, dumped online for free, or sold on to other crooks in due course. Timehop has "deactivated these keys so they can no longer be used by anyone - so you'll have to re-authenticate to our App".

The big problem doesn't affect United Kingdom users, but will be making our U.S. cousins sweat: phone numbers were leaked. Timehop has automatically logged everyone out in order to reset security keys.

"However, it is important that we tell you that there was a short time window during which it was theoretically possible for unauthorized users to access those posts - again, we have no evidence that this actually happened", the company noted.

You should choose two-factor authentication on websites that offer it, because when an identity-specific action is required on top of entering your password and username, it becomes significantly harder for fraudsters to access your information. Installing anti-malware can also be beneficial. Turn notifications on to stay informed about credit card activity linked to your account.

The company says these tokens have been revoked and will no longer work for users.

Timehop says it discovered and halted the breach around two hours after it started.

"To reiterate: none of your 'memories' - the social media posts & photos that Timehop stores - were accessed", Timehop said in a statement. Surprisingly, the account the attacker initially used to access the servers was not secured with two-factor authentication (i.e. when you need to authorize a login in a second way, typically with a code or app on your phone).

The company cannot be as reassuring on the matter of stolen phone numbers, advising those who shared such data with it: "It is recommended that you take additional security precautions with your cellular provider to ensure that your number cannot be ported".

That's very clearly a major security failure - but one Timehop does not explicitly explain, writing only that: "We have now taken steps that include multifactor authentication to secure our authorization and access controls on all accounts". The company said a hacker gained access to its infrastructure and stole details on its users that included usernames, emails, telephone numbers, and access keys.
