Probably wishes it could go back in time and run 2FA, cos lack of it sparked the leak
A service named "Timehop" that claims it is "reinventing reminiscing" – in part by linking posts from other social networks – probably wishes it could go back in time and reinvent its own security, because it has just confessed to losing data describing 21 million members and can't guarantee that the perps didn't slurp private info from users' social media accounts.
"On July 4, 2018, Timehop experienced a network intrusion that led to a breach of some of your data," the company wrote. "We learned of the breach while it was still in progress, and were able to interrupt it, but data was taken."
Names and email addresses were lifted, as were "Keys that let Timehop read and show you your social media posts (but not private messages)". Timehop has "deactivated these keys so they can no longer be used by anyone – so you'll have to re-authenticate to our App."
The breach also led to the loss of access tokens Timehop uses to access other social networks such as Twitter, Facebook and Instagram and the posts you've made there. Timehop swears blind that the tokens have been revoked and just won't work any more.
But the company has also warned that "there was a short time window during which it was theoretically possible for unauthorized users to access those posts" but has "no evidence that this actually happened."
It can't be as almost-comforting on the matter of purloined phone numbers, advising that for those who shared such data with the company "It is recommended that you take additional security precautions with your cellular provider to ensure that your number cannot be ported."
Oh thanks for that, Timehop. And thanks, also, for not using two-factor authentication, because that made the crack possible. "The breach occurred because an access credential to our cloud computing environment was compromised," the company's admitted. "That cloud computing account had not been protected by multifactor authentication. We have now taken steps that include multifactor authentication to secure our authorization and access controls on all accounts."
All of which leaves users in the same place as usual: with work to do, knowing that if their service providers had done their jobs properly they'd feel a lot safer. ®