Well last week when everyone in the US was celebrating the 4th of July, Timehop experienced a network intrusion, which breached some of the data held on its platform.
In a rare bout of transparency for a tech company Timehop has revealed information about the data breach.
Here’s what you need to know about the Timehop data breach.
Who has been affected by the Timehop data breach?
Timehop says some of the data about 21 million of its users was breached in the incident.
What data was affected in the breach?
The data breached included names, email addresses and some phone numbers of the 21 million users. Of these 21 million, around 4.7 million accounts have a phone number attached to them.
No private or direct messages, financial data, social media or photo content has been stolen.
Timehop is keen to stress this saying: “None of your ‘memories’ – the social media posts and photos that Timehop stores – were accessed.”
However, in the incident, the encryption keys that let Timehop read and show your social media posts were compromised.
A key encrypts and decrypts data, so when your data is stored it is scrambled into different letters and numbers. If you have the key, you can unlock the data and see what it says. However Timehop says it has deactivated all the keys, so anyone who has them will be unable to use them.
What has happened since?
Since the breach Timehop has been working with security experts, incident response professionals, local and federal law enforcement officials, as well as its social media providers, to ensure that the impact on its users is minimal.
As well, after Timehop deactivated the keys which held information on social media posts, users will need to re-authenticate the app by logging in again.
The company is also working with a cyber threat intelligence and dark web research firm to understand the attack and help prevent any similar incidences happening. This is because it’s likely the data will soon appear in forums and be included in lists that circulate on the internet and dark web.
Yahoo took three years to reveal one billion accounts were hacked, so it’s great to see Timehop being so honest about the recent incident.
Yet, it demonstrates that companies need to be very, very careful when it comes to the user data it holds.
David Emm, principal security researcher at Kaspersky Lab, warned customers to bear in the mind that anything shared with a third party can end up in the public domain.
“With the number of data breaches rising, it’s clear that breaches are not a matter of ‘if’ but ‘when’. Timehop – along with other online providers – had a responsibility to look after the data that has been entrusted to it by its members. This includes the use of two-factor authentication to reduce the risk of accounts being compromised,” said Emm.