FF12: Use Timehop? Your personal info was likely hacked
Timehop, an application that allows you to see old pictures and posts from your social networking sites, has been hacked.
That means roughly 21 million users have had their personal information stolen by a hacker. Timehop reports that includes names, email addresses, dates of birth, gender of users, country codes, and some phone numbers.
We know the breach may have affected some Kansas users. One user sent FactFinder 12 an email from Timehop indicating there was a breach and that the company wanted to apologize.
"We learned of the breach while it was still in progress, and were able to interrupt it, but data was taken, "Timehop wrote in the email. "We would like to unequivocally apologize to our users for this incident."
Timehop also said on it's website, "no private/direct messages, financial data, or social media or photo content, or Timehop data including streaks were affected."
According to a timeline published on the company's website, the hack took several months.
In December of 2017, a hacker from the Netherlands used an employee's credentials to log onto Timehop's Cloud Computing Environment. From there, the hacker created a new user account with credentials to log back in, the company reported.
For several months, the hacker was accessing the system, "conducting cyber reconnaissance," the company said.
On April 4, 2018, the real employee was working on a database of personal information for migration that would become the target of the attack, the company said.
Then, on July 4th, the company reports the hacker got into the system and started taking snapshots of the database. Timehop says it's engineers noticed the hack as it was in progress and was able to shut it down.
Timehop says it logged all users out of the app out of safety. Once you log in, it says you will have to re-authenticate your account generating a new, secure token. It says if you log into your account and notice any content isn't loading, it's because the company itself deactivated the content.
If you had your phone number on the app, Timehop recommends you contact your phone provider to ensure your number can't be ported. Some providers add a PIN number to your account to accomplish this.
Law enforcement is investigating the hack and Timehop says there's no evidence the data has been used.