Timehop data breach details


New York-based Timehop Company which provides an application for smartphones users to collect their memories from their old social media posts has disclosed that almost all of the private information of all its 21 million users was hacked by cyber crooks last week.

The hacked info includes usernames, email address, telephone numbers and the virtual keys called ‘Tokens’ to access the social media posts.

Note- To those who do not know what Timehop does, here’s a briefing on it. Timehop is an application which allows users to collect old photos and posts from Facebook, Instagram, Twitter, and Dropbox. In January 2016, the company disclosed that it has over 12 million active users and the count is surging up on a healthy note. It’s similar to Facebook’s memories and is being widely used by Facebook users worldwide on an active note.

As per the details available to our Cybersecurity insiders, Timehop database was intercepted in the late hours of June 4th,2018. However, the interception was detected in the early stages and the technical teams took preventive measures to block the access.

Later the investigation revealed that the incident resulted in leakage of personal details of almost all the users. But the company did not find any evidence of the leaked details used on the dark web.

The security analysts of the company disabled the access keys and have contacted a cyber threat intelligence company to conduct further investigation on the issue.

If in case the accessed info lands on forums through the dark web, then the company could fall into deep trouble as the data watchdog in the United States is taking serious action against such data breach incidents these days.

Timehop says that the app has stopped working on almost all phones because the access tokens have been de-authorized. So, users need to re-login into their respective accounts and need to validate each service they wish to validate which will generate a new security token in an automated way.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display