Massive Breach Affects 21 Million Users Of Timehop App - Olmec Skip to main content

Massive Breach Affects 21 Million Users Of Timehop App

By July 21, 2018June 3rd, 2022Cybersecurity

Do you use Timehop?  If you’re not sure what that is, it’s a popular, clever little app that reminds social media users about posts they’ve made in the past. It can be quite handy, especially if you’re active on numerous social media accounts.

Unfortunately, the bloom is off the rose for Timehop.  Recently, the company announced that it had suffered a breach on the Fourth of July, which gave the hackers virtually unfettered access to the company’s cloud servers for more than two hours.  During that time, the hackers were able to make off with the names, email addresses and other account details of more than twenty-one million users.

Nearly five million of the records stolen (4.7 million) had phone numbers in the data.  As bad as that sounds, it gets worse.  Because of what Timehop is and how it works, it’s got hooks into all of the social media accounts of every member who uses the app.

Timehop uses tokens to access social media information.  Tokens that are now in the hands of the hackers, who could use them to view and/or “scrape” social media content (including private posts) uploaded by every one of the 21 million impacted users.  In short, even if you keep tight control over who can see your social media content, if you’re one of the impacted users, the cat is officially out of the bag.

The company says that they deactivated all tokens shortly after the incident was detected, but there was still a small window of time in which they could have been used.

As is the norm in cases like these, Timehop has issued an apology, is in the process of informing all affected users, and is working with law enforcement and an outside agency to assist with the forensic investigation.  This incident, however, underscores how easily it is to lose control of one’s data.

It’s not enough to simply exercise caution and be mindful of security on the social media channels you frequent.  You’ve also got to be mindful of what third parties you allow to access those channels, because any one of them could provide an inroad for a hacker.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.