Twenty-one million users of Timehop, an app that reminds people about their social media posts on that day, are at risk after hackers breached the company servers on July 4.
The company, in a blog post, says the security breach not only resulted in personal data (including names, addresses and, for some accounts, phone numbers) being stolen, but the hackers were also able to secure tokens allowing them to view people’s posts on Facebook, Twitter, Instagram, and Foursquare.
Timehop says it quickly deactivated the tokens, which would have shut down access to the accounts. No private/direct messages, financial data, or social media content was affected, the company stressed.
Attackers were apparently able to access the system’s cloud servers because the company had not turned on multi-factor authentication. Timehop says the system was compromised for roughly two hours.
As a security precaution, the company says it has reset all keys, which means users were logged out of their account.
“We have been working with security experts and incident response professionals, local and federal law enforcement officials, and our social media providers to assure that the impact on our users is minimized,” Timehop wrote. ” The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service. Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content – and we delete our copies of your “Memories” after you’ve seen them.”