Hackers stole all personal data of 21 million users: Timehop Hacked

The Timehop social media app was hit by a serious data breach on July 4th that compromised the personal data of its more than 21 million users.

Timehop is a simple social media app that collects your old photos and posts from your iPhone, Facebook, Instagram, Twitter and Foursquare and acts as a digital time machine to help you find what you were doing on this very day exactly a year ago.

The company revealed on Sunday that unknown attacker(s) managed to break into its cloud computing environment and access the data of all 21 million users, including their names, email addresses, and approximately 4.7 million phone numbers attached to their accounts.

“We learned of the breach while it was still in progress, and were able to interrupt it, but data was taken. Some data was breached,” the company wrote in a security advisory posted on its website.

Social Media OAuth2 Tokens Also Compromised

Moreover, the attackers also got their hands on authorization tokens (keys) provided by other social networking sites to Timehop for gaining access to your social media posts and images.
With access to these tokens, hackers could view some of your posts on Facebook and other social networks without your permission.

However, Timehop claims that all the compromised tokens were deauthorized and made invalid within a “short time window” after the company detected the breach on its network on July 4th at 4:23 PM local time.

The stolen access tokens can no longer be used to gain access to any of your social media profiles, and the company also claims that there is “no evidence that this actually happened.”

“In addition to our communications with local and federal law enforcement, we are also in contact with all our social media providers, and will update users as needed, but again: there are no credible reports, and there has been no evidence of, any unauthorized use of these access tokens,” the company said.

It should also be noted that these authorization tokens do not give anyone, including the company itself, access to your private messages on Facebook Messenger, Direct Messages on Twitter and Instagram, or things that your friends post to your Facebook wall.

Timehop is also confident that the security breach did not affect your private/direct messages, financial data, social media and photo content, or other Timehop data including streaks and memories.
Timehop also said that there was no evidence that any account was accessed without authorization.

Data Breach Aided by Lack of Two-Factor Authentication

“The breach occurred because an access credential to our cloud computing environment was compromised,” Timehop said.

The same day Timehop identified the breach on its network, we reported on the Gentoo GitHub account hack that allowed intruders to replace the content of the project’s repositories and pages with malicious content after guessing the account password.

The Gentoo breach was aided by the lack of two-factor authentication (2FA) for its GitHub account. 2FA requires users to enter an additional passcode besides the password in order to gain access to the account.
The same happened with Timehop.

Since the company was not using two-factor authentication, the attacker(s) were able to gain access to its cloud computing environment using the compromised credential.
Timehop has now taken some new security measures that include system-wide multifactor authentication to secure its authorization and access controls on all accounts.

Timehop immediately logged all of its users out of the app after the company invalidated all API credentials, which means you will need to re-authenticate each of your social media accounts to the app when you log into your Timehop account to generate a new token.

The company is also working with security experts and incident response professionals, local and federal law enforcement officials, and its social media providers to minimize the impact of the breach on its users.
Since the new GDPR privacy law defines a breach as “likely to result in a risk to the rights and freedoms of the individuals,” Timehop claims to have notified all of its affected European users and is working closely with GDPR specialists to assist in the countermeasures.
