Timehop, a service that surfaces a user’s past social media content, has revealed a security breach that hit the company on July 4, and resulted in a database of 21 million users hit.
As a result, the company has voided all social media authorisation tokens it held, and is alerting its users.
Around 4.7 million phone numbers were breached, alongside its usernames and email addresses. Timehop said no financial data was affected, nor social media content, and there has been no evidence of any improper account access.
“A small number of records included a name, a phone number, and an email address; a somewhat larger number included a name and phone number; a larger number included a name and an email address,” the company said. “No financial data, private messages, direct messages, user photos, user social media content, social security numbers, or other private information was breached.”
The intrusion began just after 2pm EST on July 4, and ended two hours and 19 minutes later when the attackers were locked out, Timehop said.
“The breach occurred because an access credential to our cloud computing environment was compromised. That cloud computing account had not been protected by multifactor authentication,” it said.
In another blog post, the company said that on December 19, admin credentials were used an by unauthorised user to log in into its cloud environment, and began reconnaissance activities over the next two days, and logged in twice more leading up to July 4.
“Once we recognised that there had been a data security incident, Timehop’s CEO and COO contacted the board of directors and company technical advisors; informed federal law enforcement officials; and retained the services of a cybersecurity incident response company, a cybersecurity threat intelligence company; and a crisis communications company,” Timehop said.
With the company voiding its social media tokens, users will need to reauthenticate each service to continue using Timehop.
Last week, Linux distribution Gentoo detailed how an attack on its GitHub organisation was successful.
The attack took place on June 28, and saw Gentoo unable to use GitHub for approximately five days.
Due a lack of two-factor authentication, once the attacker guessed an admin’s password, the organisation was in trouble.
“The attacker gained access to a password of an organisation administrator. Evidence collected suggests a password scheme where disclosure on one site made it easy to guess passwords for unrelated web pages,” the incident report said.
Gentoo now has a requirement for two-factor authentication to join its GitHub organisation