Expand / Collapse search

Data belonging to 21 million 'Timehop' users may have been exposed in July 4 breach

Published  July 9, 2018 4:25pm CDT
Facebook
FOX 6 Now Milwaukee

MILWAUKEE -- Do you use the "Timehop" feature on Facebook? If so, your data may have been exposed.

Timehop officials posted on their website on Sunday, July 8 information about a data breach that occurred on the Fourth of July.

It happened when "an access credential" to the cloud computing environment was comprised, after it hadn't been protected by multi-factor authentication -- steps that have now been taken.

The attack was detected about two hours later.

Officials said "we learned of the breach while it was still in progress, and were able to interrupt it, but data was taken."

Names, email addresses and phone numbers belonging to some 21 million users may have been exposed.

Timehop officials noted that no private/direct messages, financial data, or social media or photo content, or Timehop data including streaks were affected, and none of your "Memories," the social media posts that Timehop shares, were accessed.

"Keys" that let Timehop read and show you your social media posts, but not private messages, were also compromised. Timehop officials have deactivated these keys so they can no longer be used by anyone -- so you’ll have to re-authenticate to the app.

If you have noticed any content not loading, it is because Timehop deactivated these proactively.

Officials said at this time, there's no evidence to indicate any accounts were accessed without authorization.

They are working with security experts and incident response professionals to investigate, along with law enforcement and social media providers.

Everyone has been logged out of the Timehop app "in an abundance of caution, to reset all the keys."

Officials noted that "the damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service. Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content -- and we delete our copies of your Memories after you’ve seen them."

CLICK HERE for much more, including FAQs and what's next for users.