For those who love looking back on what they’ve posted years before on their social networks, we have some bad news for you. If you’ve been using Timehop to reminisce your online life, the app has recently made the announcement that they experienced a network intrusion last July 4. The good news is that they were able to interrupt it while the breach was in progress and while their investigation is still ongoing, they are now telling users what they are doing to ensure this doesn’t happen again and what users will need to do to make sure their data will not be accessed.
But first, we need to know what actually happened and what information may have been accessed by these hackers. Timehop engineers detected a network intrusion on July 4th (yay, happy independence day) while the breach was still ongoing. Around 21 million user accounts were affected and this includes names, email addresses, and phone numbers. Just under 22% (around 4.7 million) of these accounts have a phone number attached to them. Timehop assures users that no private or direct messages on their social media accounts were accessed and that no financial data were acquired as well.
As soon as the breach was detected, Timehop deactivated the keys that allowed it to read and show your social media posts. They reiterated that the hackers may have been able to access your social media posts but only those that were posted on your profile and not the private messages that you send on your Facebook, Instagram, Twitter, etc. So far, there is no evidence that any of the users’ social media accounts were accessed without authorization. Let’s hope it remains that way.
Meanwhile, if you’re a Timehop user, this is what you will need to do. Since the keys have been revoked and all API credentials have been invalidated, you will have to log in to your account and re-authenticate all the services that you want to connect to the app. This will then generate new and secure tokens and what was previously hacked will no longer be accessible. If you used your phone number to log in, you will now have to take additional security precautions through your carrier so that your number will not be ported. If you’re with AT&T, Verizon, or Sprint, you can add a PIN to your account and if you’re with T-Mobile, you can ask for assistance to limit your number’s portability.
It seems like every other week we get news about an app getting hacked or data getting breached, so we all need to be more aware of extra steps that we can take to secure our devices and apps. Changing your passwords and reviewing app access regularly are just some of the precautions we can take. Also being aware of news items like this helps us to be cautious (hopefully not paranoid) when it comes to the apps we regularly use and maybe even take for granted.