Administrators of the Timehop social media app may be wishing they could go back in time themselves to stop a July 4th hack attack that has affected some 21 million users.
The attack was carried out through Timehop’s cloud computing account, with the perpetrator having acquired an administrator’s credentials and then used them to create a new admin account back in December of last year. The attacker made periodic visits to the site to monitor activity, and then performed an actual data breach on Independence Day. Timehop was able to stop the attack a couple of hours in, but not before the names, email addresses, and in some cases phone numbers of about 21 million users were retrieved.
It could have been worse: Timehop says that no financial data or social media content was compromised. Timehop is a time capsule app designed to show users old posts from social media, so it will come as a relief to many users that the hacker doesn’t appear to have gained access to their linked social media accounts.
Still, for many users, news of the data breach will likely serve as another wakeup call about the state of digital security and the need for more sophisticated authentication mechanisms on social media. It has certainly been a wakeup call for Timehop itself, which has now decided to embrace multi-factor authentication for its cloud access, joining the many other businesses that embrace strong security mechanisms after a data breach.