Timehop, an application which resurfaces photos and posts from social media accounts, has revealed that 21 million accounts including those of European Union residents, were illegally accessed on July 4. The data impacted includes names, email addresses, and details of 4.7 million phone numbers.
The app alerted its users in the European Union as the breach might have implications under the new GDPR privacy law. Additionally cloud-based accounts like Google Photos and Dropbox have had multi-factor authentication implemented.
Timehop revealed that the hacker accessed the app’s cloud computing account with an administrator’s sign-in details December 19 2017. The attacker then set up a new account and logged in on four occasions in December (twice), once in March and another time in June.
The attack itself was not carried out until July 4, when the hacker downloaded the compromised data and attacked Timehop’s production database. Timehop obstructed the attacker two hours after it identified the breach, but user data was already downloaded by this time.
Private messages, financial data, social media content, and Timehop data were compromised according to the company. There is no proof to suggest that the hacker could have seen individuals were posting on Facebook, Instagram, and Twitter. Timehop shut down access to social media tokens as a precaution. Users must now reauthorize the application.
Timehop also made law enforcement agencies aware of the breach and hired a cyber threat intelligence company to monitor whether users’ email addresses, phone numbers, and names pop up in forums and lists on the internet.
Timehop user are advised to contact the locals carriers to ensure your number cannot be ported. AT&T, Verizon, and Sprint subscribers can add a PIN to their accounts, while T-Mobile subscribers must contact customer service and ask for help to prevent phone number portability.
It is also advisable to update your email account passwords and implement two-factor authentication as extra security measures.