Mobile ID World


Timehop Data Breach Yields Valuable Lessons: FIDO

July 18, 2018

Earlier this month, the company behind Timehop, a social media ‘time capsule’ app that shows users their older posts, revealed that it had suffered a data breach affecting 21 million users. And while the attack was not particularly exceptional as far as data breaches go, it nevertheless offers some food for thought, as FIDO Alliance Executive Director Brett McDowell points out in a new post on FIDO’s website.

McDowell begins his analysis by emphasizing the preventive benefits of multi-factor authentication. Like so many other organizations, Timehop announced that it had implemented such security after the hack attack – a prudent move with respect to future security risks, but one that was obviously taken a little too late.

But it’s the attack’s position within a larger regulatory framework that prompts a more incisive insight from McDowell. As he points out, the July 4th attack occurred after the full implementation of the European Union’s General Data Protection Regulation. Under the GDPR rules, organizations are compelled to “demonstrate to regulators you had taken risk-appropriate measures ahead of any data breach incident,” McDowell notes. What’s more, any organization that processes payments for customers in the EU is required by PSD2 – another EU regulation – “to provide Secure Customer Authentication for those transactions, which explicitly requires at least two of the three factors of authentication: something you know (like a password), something you are (like a biometric), and/or something you have (like a cryptographic signature from a trusted device).”

In other words, it seems likely that Timehop should have implemented stronger security in the first place, security that might have prevented the July 4th hack attack. But with over half of businesses admitting that they don’t fully comply with EU regulations, according to a recent Gemalto study, this is a message that should be heeded by many more organizations beyond Timehop.

Filed Under: Featured, Industry News Tagged With: biometric authentication, digital security, European Union, FIDO, FIDO Alliance, GDPR, hack attacks, multi-factor authentication, multi-factor security, PSD2, regulations, Timehop
