Timehop data breach may have compromised 21 million email addresses

what facebook users should know about cambridge analytica and privacy mobile v1

Names and email addresses of as many as 21 million Timehop users may have been compromised as a result of a data breach that occurred on July 4. Timehop, a service that aggregates old photos and posts from various social media accounts — including Facebook, Instagram, Twitter, Google Photos, and Dropbox — discovered the attack on its service as it was unfolding, but it took several hours for the company to contain the breach.

“On July 4, 2018, the attacker(s) conducted activities including an attack against the production database, and transfer of data,” the company revealed a few days following the breach. “At 2:43 pm U.S. Eastern Time the attacker conducted a specific action that triggered an alarm, and Timehop engineers began to investigate. By 4:23 p.m., Timehop engineers had begun to implement security measures to restore services and lock down the environment.”

Timehop’s initial investigation revealed that no user content was compromised as a result of the breach. Engineers deactivated keys that linked Timehop’s service with other social media platforms as a response, so users will have to re-authenticate with those services. Still, in addition to names and email addresses, as many as 4.7 million phone numbers may have also been exposed as a result of the attack, TechCrunch reported.

“While we were confident that the access keys to those services had not been used, we felt that potential exposure of that content urgently justified a service interruption to ensure that attackers could not, for example, view personal photos,” the company said. “Through conversations with the information security, engineering, and communications staff at these providers, we were able to deactivate the keys and confirm that no photos had been compromised.” Timehop further noted that these tokens would not have given anyone access to private information, such as Facebook Messenger messages or Twitter Direct Messages.

According to the company, the first stage of the attack occurred on December 19, 2017 when an unauthorized user obtained the credentials of an administrative user to create a new administrative-level account. The attacker was able to do this because the original administrative account was not protected by multi-factor authentication, and Timehop has since taken steps to secure accounts to prevent another similar attack from happening. The attacker used the newly created administrative account to log into Timehop’s servers in March and June, with the attack taking place in July.

Although the attacker may have had access to some of your social posts on Facebook, Instagram, and Twitter, Timehop informed users that “there was a short time window during which it was theoretically possible for unauthorized users to access those posts.” Despite the security breach, Timehop maintains that it found “no evidence that any accounts were accessed without authorization,” and it claims that because it pulls only the data that it needs for the service, it was able to minimize a potentially larger exposure.  Timehop has notified law enforcement about the breach and retained the services of a cybersecurity agency to monitor the dark web to ensure that user data doesn’t get leaked.

Smart Home

After camera hacks, Nest locks customers out until they change their password

Nest is locking people out of their accounts if it believes there may have been a breach. Users will have to set up a new, secure password before they are able to regain access to their account.
Mobile

Samsung beefs up just about everything in its Galaxy S10 smartphone range

Samsung has unveiled its 2019 flagship smartphone lineup, and there aren't just two phones as usual -- there are four. There's the Galaxy S10, S10 Plus, as well as a new entry called the S10e, as well as the Galaxy S10 5G.
Social Media

Twitter keeps your direct messages, even years after you delete them

Twitter is keeping copies of direct messages sent through the social network even years after users delete them, according to security researcher Karan Saini who discovered an archive containing old DMs from deleted and suspended accounts.
Mobile

Happy Valentine’s Day! Coffee Meets Bagel dating app data may have been breached

Are you planning on using Coffee Meets Bagel to find love on Valentine's Day? If you've been using the app for a while, you'll probably want to change your password -- the company said a data breach may have taken place before May 2018.
Web

Rid yourself of website notification requests in just a few easy steps

Wish you knew how to block browser and website notifications? You can do it on a case by case basis, but that can become dull after the 10th site has asked for your approval. Here's how to block them outright.
Computing

Don't take your provider's word for it. Here's how to test your internet speed

If you're worried that you aren't getting the most from your internet package, speed tests are a great way to find out what your real connection is capable of. Here are the best internet speed tests available today.
Computing

Decades-old Apple IIe computer found in dad’s attic, and it still works

A New York law professor went viral last weekend after he discovered an old Apple IIe computer sitting in his dad's attic. In a series of tweets, he showed that the vintage machine still works perfectly fine after 30 years.
Computing

Logitech’s G MX518 gaming mouse pairs classic looks with all-new tech

Logitech is relaunching one of its most popular classic gaming mice, the MX518. Now called the G MX518, it sports upgraded internals that give it a 16,000 DPI optical sensor and new and improved memory.
Computing

Microsoft could be planning a laptop with foldable screen, hints patent filing

Filed in late 2017 and titled "Bendable device with Display in Movable Connection With Body," the patent filing explains a new mechanism for laptops which can eliminate a hinge and allow the screen to fold shut from the inside,
Deals

From Chromebooks to MacBooks, here are the best laptop deals for February 2019

Whether you need a new laptop for school or work or you're just doing some post-holiday shopping, we've got you covered: These are the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.
Computing

Is AMD's Navi back on track for 2019? Here's everything you need to know

AMD's Navi graphics cards could be available as soon as July 2019 — as long as it's not delayed by stock problems. Billed as a successor to Polaris, Navi promises to deliver better performance to consoles, like Sony's PlayStation 5.
Deals

Here are the best Chromebook deals available in February 2019

Whether you want a compact laptop to enjoy some entertainment on the go, or you need a no-nonsense machine for school or work, we've smoked out the best cheap Chromebook deals -- from full-sized laptops to 2-in-1 convertibles -- that won't…
Computing

RTX might be expensive, but the 16 series could have the best Nvidia Turing GPUs

Set to debut at a step below the RTX 2060 on the price and performance spectrums, the GTX 1660 Ti and its other 16-series brethren could be Nvidia's killer mid-range cards of 2019 — especially with Tensor Core-powered DLSS.
Computing

Ryzen 3000 chips will be powerful, and they might be launched as early as July

AMD's upcoming Ryzen 3000 generation of CPUs could be the most powerful processors we've ever seen, with higher core counts, greater clock speeds, and competitive pricing. Here's what we know so far, based on both leaks and the recent…