Timehop wrote that the intrusion took place on July 4 and that users’ names and email addresses were exposed. Additionally, phone numbers linked to 4.7 million accounts were also stolen. The company stressed that no private/direct messages, financial data, or social media or photo content were affected.
Timehop is advising those who shared their phone numbers with the company to “take additional security precautions with your cellular provider to ensure that your number cannot be ported.”
Authorization tokens used by Timehop to access social media sites like Facebook and Twitter were taken during the breach. The company says it deactivated these keys a few hours after it detected the intrusion, but warned that “there was a short time window during which it was theoretically possible for unauthorized users to access those posts” but has “no evidence that this actually happened.”
Preparations for the attack began in December when an unauthorized person used admin credentials to log into the company’s cloud computing environment, which it admits was not protected by multifactor authentication. Recon activities took place over the next two days, and the person logged in two more times before the July 4 attack.
Timehop has now restored its services after resetting all its passwords and adding multifactor authorization. It is working with local and federal law enforcement to investigate the breach. Security is being enhanced and the company is conducting a complete audit.
UPDATE -- we're back online. Please read this important security announcement: https://t.co/s82imGuZpe— Timehop (@timehop) 8 July 2018
A technical report on the incident can be found here.