On December 19, 2017 a cyber hacker gained access to Timehop’s cloud-based server and waited until July 4, 2018 to infiltrate an attack, gaining access to databases and exfiltrating data. Within 90 minutes of the attack access was locked down, however, 21-million individuals were already affected.
Timehop users can plug the app into their Facebook, Instagram, Twitter, and Dropbox accounts granting access for the app to collects past posts into a daily nostalgic sharable collection. It is similar to Facebook’s memory feature. This breach means the hackers that gained access could steal your personal data including usernames, emails, phone numbers, and “tokens”, along with years of sensitive social media activity. In other words, all your information will end up on the dark web.
According to a Timehop representative, “While our investigation into this incident (and the possibility of any earlier ones that may have occurred) continues, we are writing to provide our users and partners with all the relevant information as quickly as possible. All the access keys have been de-authorized and cannot be used. Timehop has retained the services of a well-established cyber threat intelligence company that has been seeking evidence of use of the email addresses, phone numbers, and names of users, and while none have appeared to date, it is a high likelihood that they soon will appear in forums and be included in lists that circulate on the Internet and the Dark Web."
If you were one of the 21-million users affected, you should:
- Change your Timehop password, as well as all the passwords used to grant Timehop access to your social media accounts.
- De- authorize your social media accounts and change all passwords before re-authorizing access
- Do no fall victim of email or telephone scams involving this breach. Do not click on unverified links.
Questions? Comments? Concerns? Call us at (650) 762-8545!