Incident Of The Week: 21M Users Affected By Recent Timehop Breach

Company Says 'Memories' Unaffected By Hack



Dan Gunderman
07/13/2018

(Photo: Piotr Swat/Shutterstock.com)

In the dynamic world of cyber security, breaches are both closely guarded and, sadly, inevitable.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. Cyber Security Hub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a widespread data breach at Timehop, an app focusing on “digital nostalgia” (resurfacing users’ stored photos and social media posts). The company confirmed that in a July 4 breach, account information for 21 million users was affected.

Attackers gained access using a compromised credential for the company’s cloud computing environment. A statement on the company’s site reads that the “cloud computing account had not been protected by multifactor authentication.”

It continued: “We have now taken steps that include multifactor authentication to secure our authorization and access controls on all accounts.”
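The failure Timehop describes, a cloud account reachable with a single credential and no second factor, is something a practitioner can check for routinely. The following is an added example, not Timehop’s code or anything from its statement: it audits an AWS IAM credential report (the CSV produced by `aws iam generate-credential-report` and fetched with `aws iam get-credential-report`) for console users without MFA, a root account without MFA, and long-lived access keys on users that have no MFA enrolled. The report text embedded below is constructed sample data; the header row matches the real report format, but the account ID, user names and dates are made up.

```python
"""Audit an AWS IAM credential report for accounts that lack MFA.

Added example, not code from the original article or from Timehop. The
CSV layout is the real IAM credential report format; the rows are
constructed sample data for this illustration.
"""
import csv
import io
from dataclasses import dataclass
from typing import List

# Constructed sample report (account ID, users and timestamps are made up).
# In the real report "password_enabled" is "not_supported" for root and
# booleans are the strings "true"/"false".
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2015-03-01T10:00:00+00:00,not_supported,2018-07-04T18:04:00+00:00,not_supported,not_supported,false,true,2015-03-01T10:00:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2016-05-10T12:00:00+00:00,true,2018-07-03T09:12:00+00:00,2018-01-10T12:00:00+00:00,N/A,true,true,2018-06-01T00:00:00+00:00,false,N/A
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,2017-02-01T08:00:00+00:00,false,no_information,N/A,N/A,false,true,2017-02-01T08:00:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2017-11-20T15:30:00+00:00,true,2018-07-04T18:30:00+00:00,2017-11-20T15:30:00+00:00,N/A,false,false,N/A,false,N/A
"""


@dataclass(frozen=True)
class Finding:
    user: str
    issue: str


def _flag(row: dict, column: str) -> bool:
    """The report encodes booleans as the literal strings 'true'/'false'."""
    return row.get(column, "").strip().lower() == "true"


def audit_credential_report(report_csv: str) -> List[Finding]:
    """Return one Finding per MFA weakness found in the report, in row order."""
    findings: List[Finding] = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = _flag(row, "mfa_active")
        console = _flag(row, "password_enabled")
        key_active = _flag(row, "access_key_1_active") or _flag(row, "access_key_2_active")

        if user == "<root_account>":
            # Root cannot be constrained by IAM policy, so it must have MFA
            # and should carry no long-lived access keys at all.
            if not mfa:
                findings.append(Finding(user, "root account has no MFA"))
            if key_active:
                findings.append(Finding(user, "root account has active access keys"))
            continue

        if console and not mfa:
            # Exactly the exposure Timehop reported: a password alone opens the account.
            findings.append(Finding(user, "console login enabled without MFA"))
        if key_active and not mfa:
            # Access keys are not MFA-protected by themselves; without an enrolled
            # device a policy condition on aws:MultiFactorAuthPresent cannot help.
            findings.append(Finding(user, "active access key on user without MFA"))
    return findings


def summarize(findings: List[Finding]) -> str:
    """One line per finding, suitable for a ticket or a pipeline log."""
    return "\n".join(f"{f.user}: {f.issue}" for f in findings)


if __name__ == "__main__":
    # To audit a real account instead of the sample, decode the report first:
    #   aws iam generate-credential-report
    #   aws iam get-credential-report --query Content --output text | base64 -d > report.csv
    print(summarize(audit_credential_report(SAMPLE_REPORT)))
```

Running it against the sample flags the root account twice, the `deploy-bot` key user and `bob`, while `alice`, who has MFA enrolled, is not reported. The same check belongs in a scheduled job, since the report is only a snapshot and a new user created without MFA tomorrow will not appear in today’s run.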

See Related: Incident Of The Week: Typeform Data Breach Impacts Customer Base

Timehop said it learned of the breach while it was in progress and was able to interrupt it, “but data was taken.”

The lengthy statement reads, in part, “First off, we would like to unequivocally apologize to our users for this incident. We commit to transparency about this incident, and this document is part of our providing all of our users and partners with the information they need to understand what happened, what we did, how we did it, and how we are working to ensure it never happens again.”

In an update to the document posted on July 10, the company provided more “granular information” about the types of Personally Identifiable Information (PII) that were breached.

It said data sets such as names, email addresses, dates of birth, gender of users, country codes and some phone numbers were lifted.

“We had previously reported email addresses, phone numbers and names. This affects 21 million of our users,” the document states. “No private/direct messages, financial data, or social media or photo content, or Timehop data including streaks were affected.”

The company reiterated that the “memories” (social media posts and photos) were not accessed.

In an interview with TechCrunch, the company’s COO, Rick Webb, said, “That stuff is what we cared about, that stuff was protected. We have to make a mental note to think about everything else.”


See Related: Incident Of The Week: Ticketmaster U.K. Data Breach Impacts 40K

Further, following additional forensic reports, the company announced that not every account was affected equally, and that some had more data compromised than others.

What’s more, the “nostalgia” app said that the keys (access tokens) that allow it to read and show social media posts on a user’s behalf were also involved in the breach. They were de-authorized by Timehop “in concert with its social media provider partners” on July 8.

It did not report the breach (discovered July 5) until after the keys were de-authorized and the social media provider partners had reported that they did not observe suspicious activity. Timehop said it held back disclosure so as not to draw other attackers to the still-valid tokens before they could be revoked.

The company added that users must now re-authorize the app’s access to their social media accounts.

It continued: “In addition to our communications with local and federal law enforcement, we are also in contact with all our social media providers, and will update users as needed, but again: there are no credible reports, and there has been no evidence of, any unauthorized use of…access tokens (provided by social media providers).”

In a bulleted list, Timehop noted that it has conducted an initial audit; engaged a cyber security incident response firm, its cloud computing provider, and a cyber threat intelligence and dark web research firm; and has been in communication with local and federal law enforcement officials.

Be Sure To Check Out: Incident Of The Week: Data Breach Touches Highest Levels Of Australian Govt.