Timehop, an app for archiving social media activities, was breached on July 4. The breach compromised data for 21 million users from the company’s cloud environment including names, email addresses, and the phone numbers for roughly a quarter of them.
In an email to their users, Timehop stated: “The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service. Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content — and we delete our copies of your “Memories” after you’ve seen them.”
While Timehop managed to detect and respond to the breach within 2 hours and had robust privacy settings in place to mitigate its effects, records show that the cyber attacker had begun preparatory activities as early as December 2017 via a vulnerability in their cloud data storage.
Timehop has since added more security settings to their services, and have promised a full security audit.
Read more about the story here.