Timehop security breach leaked names, email addresses — here’s what you can do
Some users' phone numbers were also exposed.
Timehop, the app that lets you link your social media accounts to it and see what you posted/shared years ago, recently confirmed that it had a security breach on July 4, 2018, that exposed the names, email addresses, and phone numbers for its 21 million users.
In an official statement, Timehop says it was able to stop the attack but not before the above data was stolen. On the upside, users' financial information, social media posts/photos, direct messages, and Timehop streaks remain secure and unaffected.
The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service. Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don't store copies of your social media profiles, we separate user information from social media content - and we delete our copies of your "Memories" after you've seen them.
After Timehop detected and stopped the attack, it deauthorized the tokens it uses to communicate with your social media profiles. As such, you'll need to re-link all of your accounts the next time you open the Timehop app.
According to Timehop, "there has been no evidence of, and no confirmed reports of, any unauthorized access of user data through the use of these access tokens."
Timehop's already completed an initial audit of the situation and is currently in the process of a more thorough one to analyze all of its security measures. Furthermore, the company says it's communicating with local and federal law enforcement officials while working through everything.
What you can do
Most of the affected users had their social media names (not full legal ones) and email addresses compromised, but phone numbers were only stolen if you logged into the Timehop app using your phone number. If you did that, Timehop recommends contacting your wireless carrier to make sure your number can't be ported somewhere else.
If you're on AT&T, Sprint, or Verizon, you can do this by contacting your carrier to add a PIN to your account if you don't already have one. For folks on T-Mobile and any other carrier, call customer service and ask for help with restricting the portability of your number.
No matter how you logged into your Timehop app, it's a good idea to update the password to your email account just in case. If you use a password manager, doing this should be quite simple.
Also, if you're still not using two-factor authentication for your email, now's probably a good time to go and ahead and get that setup.