Timehop hit by a security breach that compromised millions of users, social app says

Timehop was hit with a data breach on July 4 that compromised the personal data for nearly everyone who uses the service. Names and emails were exposed for 21 million users, while 4.7 million also had their phone number breached. Timehop announced the compromise on Saturday, July 7. 

The security breach started on Wednesday, July 4 at 2:04 EDT and lasted for 2 hours and 19 minutes. Timehop notes that no media content, financial data, or Timehop data was affected by the breach. As a precaution, Timehop users will need to re-authenticate their social accounts with the app to continue to use the service.

Two big takeaways on the breach are:

  • To reiterate: none of your “memories” – the social media posts & photos that Timehop stores – were accessed.

  • We have no evidence that any accounts were accessed without authorization.

As Timehop explains:

We want to be clear that these tokens do not give anyone (including Timehop) access to Facebook Messenger, or Direct Messages on Twitter or Instagram, or things that your friends post to your Facebook wall. In general, Timehop only has access to social media posts you post yourself to your profile …

The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service. Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content — and we delete our copies of your “Memories” after you’ve seen them.

With the free Timehop service, you can relive memories by connecting your social networking accounts such as Facebook, Twitter, Instagram, and Swarm. Then, previous events are presented on anniversary days. You can also attach photos from Dropbox, Google, and your Camera Roll.

For example, today is July 9, 2018. Therefore, Timehop will show images, tweets, and other information it has collected from your account that has occurred on July 9 in past years.

For more information on this breach, visit the Timehop website at this link.

The Timehop breach began at approximately 2 a.m. EDT on Wednesday, July 4 and lasted for just over two hours.