The company claims that no private messages, financial information or Timehop data (such as streaks) were compromised, and it deletes its copies of your old posts and photos once you've seen them.
These "keys" allow Timehop to read and show people's social media posts, but not their private messages. "In general, Timehop only has access to social media posts you post yourself to your profile", it adds.
The breach affected 21 million users, including their names, some email addresses, and approximately 4.7 million phone numbers attached to their accounts.
"We have deactivated these keys so they can no longer be used by anyone", the company said.
The vast majority of those affected by the "security incident" (as Timehop refers to it) had their names and usernames exposed, but for almost a quarter of them - 4.7 million - phone numbers were also exposed.
In terms of how its network was accessed, it appears that the attacker was able to compromise Timehop's cloud computing environment by targeting an account that had not been protected by multifactor authentication.
The company's post, however, does not make clear if it notified affected users before publicly announcing the breach on Twitter and its own website days after the attack took place. Doing so may end up leading to a bunch of content being inaccessible for a while whilst a new set of keys establishes itself.
But the company has also warned that "there was a short time window during which it was theoretically possible for unauthorized users to access those posts" but has "no evidence that this actually happened". Some fraudsters have begun to immediately discount secure phones altogether. It might also be helpful to institute limits on amounts that can be spent with your card online.
The company says these tokens have been revoked and will no longer work for users.
The company is advising those whose phone number was lifted to take "additional precautions" with their mobile providers.
"We have now taken steps that include multifactor authentication to secure our authorisation and access controls on all accounts", the blog post said.
"These tokens could allow a malicious actor to view without permission some of your social media posts", the company said.
Timehop says it discovered and halted the breach around two hours after it started.
According to its preliminary investigation of the incident, the attacker first accessed Timehop's cloud environment in December - using compromised admin credentials, and apparently conducting reconnaissance for a few days that month, and again for another day in March and one in June, before going on to launch the attack on July 4, during a U.S. holiday. At 2:43 pm US Eastern Time the attacker conducted a specific action that triggered an alarm, and Timehop engineers began to investigate.
Recommended:
-
Woman, 91, killed after aircraft crashes into condo
Anaya said troopers worked with the FAA to come up with a timeline to determine which aircraft were in the area at the time. Authorities are responding to an aviation crash, possibly involving a helicopter, in a residential area in Virginia.Polar fitness app exposed location of soldiers and government agents
This isn't the first time a tracking app has come under fire for potentially revealing military bases and staff routines. There also seems to be no time limit on the information being shared, with data available as far back as 2014.Del Monte Vegetable Snacks Linked to Intestinal Parasite Outbreak
People infected may also experience loss of appetite, weight loss, stomach cramps or pain, nausea, gas and fatigue. Therefore, it is unlikely that cyclosporiasis is passed directly from one person to another. -
Random: Pokémon GO Developer Niantic Has Ingress Netflix Anime In The Works
The two band together when they find themselves on the run from a mysterious antagonist named Jack. Niantic head John Hanke announced that an Ingress animated series will be coming soon to Netflix.Bihar girl alleges gang rape by school teachers and students
The police have registered a case and have formed special teams to nab the absconding accused. The girl said her ordeal continued for seven months till her father was released from jail.Prince Louis' godparents revealed before baptism
Prince William and Kate Middleton have opted for friends, rather than immediate family members, as is custom for royal children. The Queen has been spending time with the duke in Norfolk, and will be travelling back to London on Monday. -
Marvel Studios’ Captain Marvel Completes Principal Photography
The news follows Captain Marvel director Ryan Fleck revealing the film had wrapped two days ago . Brie Larson is joined in the film by Samuel L.France vs Belgium: Thierry Henry in dilemma
On Tuesday, it will be Henry versus France and Henry versus Deschamps, his former teammate for both France and Juventus . That was the last competitive match between the two countries but there have been eight global friendlies since.Phil Mickelson penalised for rules violation again
Almost a month after appalling the golf world (and violating the PGA rulebook) by putting a moving ball at the U.S. The two-stroke penalty led to a double-bogey 6 for Mickelson, who opened the day nine back of the leaders. -
Fans ask Microsoft to make Surface Phone a reality
Microsoft has delayed Andromeda's release so that it has more time to work on Andromeda's OS, but Andromeda itself has not been canceled, at least not yet.Newcastle's opening four games picked for TV
The home game against Chelsea has been put back a day to Sunday, August 26 (4pm) so it can be broadcast, again by Sky. They missed out on streaming cricket's Indian Premier League despite an offer believed to be around £450m past year .CDC Reports 212 Confirmed Cases of Cyclospora in Midwest
A previous major cyclosporiasis outbreak was reported in 2015 , when 546 individuals were infected across 31 states. Symptoms of cyclospora are diarrhea and frequent, sometimes explosive bowel movements, according to the CDC.