July 12, 2018
Timehop, an application which resurfaces posts and photos from social media accounts, has disclosed that 21 million accounts including those of EU inhabitants, were unlawfully retrieved on July 4. The data affected includes names, electronic mail addresses, and particulars of 4.7 million phone numbers.
The app warned its users in the EU as the infringement might have effects as per the new GDPR secrecy law. Moreover, cloud-based accounts like Google Photos and Dropbox have had multi-factor verification applied.
Timehop disclosed that the hacker retrieved the app’s cloud computing account with a manager’s sign-in particulars on December 19, 2017. The attacker then established a new account and logged in on four times in December (twice), once in March and one more time in June.
The attack itself was not carried out until July 4, when the hacker downloaded the undermined data and attacked Timehop’s creation database. Timehop blocked the attacker two hours after it recognized the infringement, however, user data was already downloaded by this time.
Confidential messages, fiscal data, social media matter, and Timehop data were undermined as per the firm. There is no evidence to indicate that the hacker might have seen people were posting on Instagram, Facebook, and Twitter. Timehop closed down access to social media tokens as a preventive measure. Users should now reauthorize the application.
Timehop also made law enforcement agencies conscious of the infringement and engaged a cyber threat intelligence firm to check whether users’ electronic mail addresses, phone numbers, and names pop up in media and lists on the internet.
Timehop users are recommended to get in touch with the local carriers to make sure your number can’t be ported. Verizon, AT&T, and Sprint subscribers can add a PIN to their accounts, whereas T-Mobile subscribers should contact customer service and request for help to avoid phone number movability.
It is also prudent to update your electronic mail account passwords and apply two-factor verification as additional safety measures.