Timehop hack: 21 million users' data stolen in huge breach

Users' phone numbers and personal information could be at risk

Andrew Griffin
Monday 09 July 2018 10:40 EDT
Comments
Ethernet cables used for internet connection are seen at the headquarters of the Wnet internet service provider in Kiev, Ukraine July 26, 2017
Ethernet cables used for internet connection are seen at the headquarters of the Wnet internet service provider in Kiev, Ukraine July 26, 2017 (REUTERSREUTERS/Valentyn Ogirenko)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Timehop is at the centre of a huge hack, which could have leaked the personal data of millions of its users.

People who have used the app – which gets access to social media accounts and then flags up interesting events that happened in the past – may have had some of their most sensitive information stolen during the breach, Timehop said.

The app says 21 million of its users were caught up in the attack, and that it was still checking whether earlier breaches had occurred. Since many people use the app only in passing, many of those users may no longer be actively using the app.

The affected information included names, email addresses and phone numbers. While the hackers got access to keys that give access to social media accounts, Timehop said those have now been deactivated and so accounts should be safe.

Timehop said it has not seen evidence of those tokens being used to access other accounts. But Timehop users are nonetheless advised to change passwords and watch for suspect activity on their account.

Whether or not they have been caught up in the attack, ever user wil be asked to log back in again, and might find the app doesn't work properly. That is because Timehop have pulled all of the security tokens that are used to validate people's accounts, with the effect that people will be thrown out of them.

But it also strongly advised that people secure their phone numbers, which were leaked in the attack. When that happens – and when it is combined with personal information – it is relatively easy for hackers to "port" the number so that they can receive text messages, potentially giving them access to a whole host of other accounts.

That can be protected against by adding a pin to your phone account, or asking the network to stop the number from being ported.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in