Skip to main content
  1. Home
  2. Computing
  3. Social Media
  4. News

Timehop data breach may have compromised 21 million email addresses

Add as a preferred source on Google
Image used with permission by copyright holder

Names and email addresses of as many as 21 million Timehop users may have been compromised as a result of a data breach that occurred on July 4. Timehop, a service that aggregates old photos and posts from various social media accounts — including Facebook, Instagram, Twitter, Google Photos, and Dropbox — discovered the attack on its service as it was unfolding, but it took several hours for the company to contain the breach.

“On July 4, 2018, the attacker(s) conducted activities including an attack against the production database, and transfer of data,” the company revealed a few days following the breach. “At 2:43 pm U.S. Eastern Time the attacker conducted a specific action that triggered an alarm, and Timehop engineers began to investigate. By 4:23 p.m., Timehop engineers had begun to implement security measures to restore services and lock down the environment.”

Recommended Videos

Timehop’s initial investigation revealed that no user content was compromised as a result of the breach. Engineers deactivated keys that linked Timehop’s service with other social media platforms as a response, so users will have to re-authenticate with those services. Still, in addition to names and email addresses, as many as 4.7 million phone numbers may have also been exposed as a result of the attack, TechCrunch reported.

“While we were confident that the access keys to those services had not been used, we felt that potential exposure of that content urgently justified a service interruption to ensure that attackers could not, for example, view personal photos,” the company said. “Through conversations with the information security, engineering, and communications staff at these providers, we were able to deactivate the keys and confirm that no photos had been compromised.” Timehop further noted that these tokens would not have given anyone access to private information, such as Facebook Messenger messages or Twitter Direct Messages.

According to the company, the first stage of the attack occurred on December 19, 2017 when an unauthorized user obtained the credentials of an administrative user to create a new administrative-level account. The attacker was able to do this because the original administrative account was not protected by multi-factor authentication, and Timehop has since taken steps to secure accounts to prevent another similar attack from happening. The attacker used the newly created administrative account to log into Timehop’s servers in March and June, with the attack taking place in July.

Although the attacker may have had access to some of your social posts on Facebook, Instagram, and Twitter, Timehop informed users that “there was a short time window during which it was theoretically possible for unauthorized users to access those posts.” Despite the security breach, Timehop maintains that it found “no evidence that any accounts were accessed without authorization,” and it claims that because it pulls only the data that it needs for the service, it was able to minimize a potentially larger exposure.  Timehop has notified law enforcement about the breach and retained the services of a cybersecurity agency to monitor the dark web to ensure that user data doesn’t get leaked.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Asus ExpertBook Ultra review: A dreamy ultra-thin machine that surprised me with raw power
If thin and light is what you value the most, this one will serve you perfectly, without the obvious performance compromises.
Asus ExpertBook Ultra laptop

See at Amazon

Quick Review

Read more
I found a free Mac diagnostic app that tells you what Apple’s tools don’t
It can check your Mac’s storage, memory, battery, and network
Techtool Lite UI screenshot

Macs have a strong reputation for being smooth and reliable, and Apple’s tight control over hardware and software is a big reason for that. Use one long enough, however, and you may still run into slowdowns, freezes, strange behavior, or that familiar feeling that something is simply off.

Apple’s own tools can help, but only to a point. Disk Utility is useful for storage-related checks, but it does not give you a wider picture of your Mac’s overall health. I recently came across Techtool Lite, a free diagnostic and maintenance app from Micromat that looks at more than just your drive.

Read more
Claude redefined my bond with Macs. I am building my own apps and it’s a bliss.
I talk to Claude. It builds me apps. It's as simple as that!
Claude AI on Mac.

A few days ago, one of my colleagues asked me a favor. They wanted a few iOS and macOS screenshots turned into a mockup image where the UI is rendered on an iPhone and a MacBook. The problem? It was 3 am PST, which meant asking one of my design team colleagues was out of the question. 

Now, there are plenty of online tools that will do it, but you either have to pay for a subscription (as in Canva), or sign up to buy usage credits after a few free trials. Moreover, these editors limit you to a handful of design presets. I turned to Anthropic’s Claude, and within half an hour, I had a screenshot-to-mockup editor built for the entire team to use. Take a look:

Read more