【】
If you're a Timehop user, we've got some really bad news. The app, which reminds you of your past social media postings, says it was hacked on July 4.
Timehop says some 21 million users are affected by the data breach, which exposed information such as "names, email addresses, dates of birth, gender of users, country codes, and some phone numbers."
SEE ALSO:Amazon patents hijack-proof delivery dronesIn a company blog post, Timehop says although it learned of the hack while it was happening and was able to interrupt it, "data was taken."
The cause of the hack: Apparently, the company's cloud computing account wasn't protected by multi-factor authentication. Timehop says it's beefed up its security since the incident.
(Now's a good time to remind you to set up two-factor authentication, aka 2FA, to protect your data for any apps and services that support it. There's really no reason not to.)
Timehop says the "keys" that are used to link your social media accounts to the app were breached. As a result, the company's logged all users out of the app to reset the keys. Users will need to log back into all their accounts to re-link them.
"Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content -- and we delete our copies of your “Memories” after you’ve seen them."
Your social media content is safe
Aside from the aforementioned names, email, addresses, dates of birth, gender of users, country codes, and some phone numbers, it appears all other data is safe.
"No private/direct messages, financial data, or social media, or photo content, or Timehop data including streaks were affected," the blog post states.
Additionally, the company says no social media posts were accessed by the intruders. That covers any data from third-party services you may have linked to Timehop, such as Facebook, Instagram, Twitter, Google Photos, Swarm, Dropbox, etc.
How to protect your potentially stolen phone number
There are two ways to log into Timehop: with a Facebook account or your phone number.
If, like me, you use Facebook to log into the app, your phone number is safe.
"FB’s API wouldn’t have given a phone number to us, nor would it allowed the use of a phone number to access anything," Rick Webb, Timehop's COO, confirmed to Mashable over email. "On top of that, the tokens were invalidated before used."
However, if you use your phone number as your sign-in, then it's been stolen by the hackers and you'll want to take extra measures to protect it from being ported. As 9to5Mac notes, ported numbers could be used to obtain 2FA codes for bank accounts.
"Those who use a phone number as a login had their phone number compromised, but it is unrelated to their FB credentials," Webb said.
Timehop says of the 21 million accounts that are affected by the hack, about 4.7 million of them have a phone number attached to them.
Here's what Timehop recommends doing if you use your phone number as your login:
If AT&T, Verizon, or Sprint is your provider, this is accomplished by adding a PIN to your account. See this article for additional information on how to do this.
If you have T-Mobile as your provider, call 611 from your T-Mobile device or 1-800-937-8997 and ask the customer care representative to assist with limiting portability of your phone number.
For all other providers, please contact your cell carrier and ask them how to limit porting or add security to your account.
Should you be worried?
Maybe.
Even though Timehop has increased its security, the stolen data could still surface online. If your account is affected, make sure you keep an eye out for any suspicious activity.
Timehop even warns there's a good chance the stolen data could surface (emphasis ours):
Timehop has retained the services of a well established cyber threat intelligence company that has been seeking evidence of use of the email addresses, phone numbers, and names of users, and while none have appeared to date, itis a high likelihood that they soon will appear in forums and be included in lists that circulate on the Internet and the Dark Web.
If you don't use Timehop, now's a good time to either delete your account or de-authorize any connected social media accounts. Both can be done from within the app's settings page.
UPDATE: July 11, 2018, 1:11 p.m. EDT This story has been updated to include additional details on Timehop data that was obtained by hackers.
Featured Video For You
This cute robot is every hacker's ultimate nemesis
TopicsCybersecurityPrivacy
相关文章
Xiaomi accused of copying again, this time by Jawbone
Imitation is not always the best form of flattery.。 SEE ALSO:Xiaomi's MacBook Air clone is called, w2024-09-20'Euphoria' Season 2 is better than ever before: Review
When Euphoriapremiered in 2019, Sam Levinson's dark portrait of modern adolescence shocked audiences2024-09-20Best custom keyboards to add to your iPhone
Your iPhone background and lock screen aren't the only things you can customize on the Apple handset2024-09-207 ways to improve your privacy in 2022
Big results don't always require a big effort. Maintaining your online and offline privacy can seem2024-09-20- The group behind a growing list of celebrity social media breaches has struck again, this time takin2024-09-20
The creator of Instagram account indiesleaze weighs in on the 'vibe shift'
Have you heard? There may or may not be a vibe shift coming. And the vibe may or may not be shifting2024-09-20
最新评论