21 million accounts stolen in Timehop app attack

Andy Boxall

In App Business

July 10, 2018

Timehop, an app that helps relive our digital history through social media posts, has reported a serious data breach. On July 4, an attacker broke into its production database and stole data related to 21 million Timehop accounts.

The company says:

“Some data was breached. These include names, email addresses, and some phone numbers. This affects some 21 million of our users. No private/direct messages, financial data, or social media or photo content, or Timehop data including streaks were affected.”

Because some keys that could allow social media posts to be seen and read were stolen, Timehop has reset its system, and users will have to log in again to create new secure keys. It states no accounts were accessed without authorization during the attack.

In addition to shutting down the tokens, Timehop has audited its accounts, and employed a cyber security firm to respond, including monitoring for the data being sold on the dark web. It’s also working with a threat intelligence firm to prevent attacks from happening again.

The company has posted a comprehensive account of the attack and its response here.