Data breach on Timehop app exposes details of 21 MILLION users
09 July, 2018, 20:40 | Author: Eric Barnett
The company claims that no private messages, financial information or Timehop data (such as streaks) were compromised, and it deletes its copies of your old posts and photos once you've seen them.
These "keys" allow Timehop to read and show people's social media posts, but not their private messages. "In general, Timehop only has access to social media posts you post yourself to your profile", it adds.
The breach affected 21 million users, including their names, some email addresses, and approximately 4.7 million phone numbers attached to their accounts.
"We have deactivated these keys so they can no longer be used by anyone", the company said.
The vast majority of those affected by the "security incident" (as Timehop refers to it) had their names and usernames exposed, but for almost a quarter of them - 4.7 million - phone numbers were also exposed.
In terms of how its network was accessed, it appears that the attacker was able to compromise Timehop's cloud computing environment by targeting an account that had not been protected by multifactor authentication.
The company's post, however, does not make clear if it notified affected users before publicly announcing the breach on Twitter and its own website days after the attack took place. Doing so may end up leading to a bunch of content being inaccessible for a while whilst a new set of keys establishes itself.
But the company has also warned that "there was a short time window during which it was theoretically possible for unauthorized users to access those posts" but has "no evidence that this actually happened". Some fraudsters have begun to immediately discount secure phones altogether. It might also be helpful to institute limits on amounts that can be spent with your card online.
The company says these tokens have been revoked and will no longer work for users.
The company is advising those whose phone number was lifted to take "additional precautions" with their mobile providers.
"We have now taken steps that include multifactor authentication to secure our authorisation and access controls on all accounts", the blog post said.
"These tokens could allow a malicious actor to view without permission some of your social media posts", the company said.
Timehop says it discovered and halted the breach around two hours after it started.
According to its preliminary investigation of the incident, the attacker first accessed Timehop's cloud environment in December - using compromised admin credentials, and apparently conducting reconnaissance for a few days that month, and again for another day in March and one in June, before going on to launch the attack on July 4, during a U.S. holiday. At 2:43 pm US Eastern Time the attacker conducted a specific action that triggered an alarm, and Timehop engineers began to investigate.
Anaya said troopers worked with the FAA to come up with a timeline to determine which aircraft were in the area at the time. Authorities are responding to an aviation crash, possibly involving a helicopter, in a residential area in Virginia.
This isn't the first time a tracking app has come under fire for potentially revealing military bases and staff routines. There also seems to be no time limit on the information being shared, with data available as far back as 2014.
People infected may also experience loss of appetite, weight loss, stomach cramps or pain, nausea, gas and fatigue. Therefore, it is unlikely that cyclosporiasis is passed directly from one person to another.
Prince William and Kate Middleton have opted for friends, rather than immediate family members, as is custom for royal children. The Queen has been spending time with the duke in Norfolk, and will be travelling back to London on Monday.
On Tuesday, it will be Henry versus France and Henry versus Deschamps, his former teammate for both France and Juventus . That was the last competitive match between the two countries but there have been eight global friendlies since.
Almost a month after appalling the golf world (and violating the PGA rulebook) by putting a moving ball at the U.S. The two-stroke penalty led to a double-bogey 6 for Mickelson, who opened the day nine back of the leaders.
The home game against Chelsea has been put back a day to Sunday, August 26 (4pm) so it can be broadcast, again by Sky. They missed out on streaming cricket's Indian Premier League despite an offer believed to be around £450m past year .
A previous major cyclosporiasis outbreak was reported in 2015 , when 546 individuals were infected across 31 states. Symptoms of cyclospora are diarrhea and frequent, sometimes explosive bowel movements, according to the CDC.