|By Le Williams | 2 years ago|
Smartphone application Timehop revealed a security breach, compromising 21 million Facebook, Instagram, Twitter, and Dropbox users’ personal data, photos, and aged posts.
The startup company, whose service integrates into users’ social media accounts to resurface posts and photos, disclosed the discovered attack while it was in progress.
According to an internal preliminary investigation of the incident, the attacker first accessed Timehop’s cloud environment in December, using compromised admin credentials. Apparently, the attacker conducting reconnaissance for numerous days within the month, extending singular days in March and June before performing the widespread attack on July 4.
Timehop publicly revealed the breach in a blog post on Saturday, several days after discovering the attack.
The blog post explains how no social media content, financial data or Timehop data was affected by the breach, emphasizing how no content was affected.
Nonetheless, the keys that allow it to read and show users their social media content were compromised. As all keys have been deactivated, Timehop users will have to re-authenticate to its App to continue using the service.
“If you have noticed any content not loading, it is because Timehop deactivated these proactively,” it writes, adding: “We have no evidence that any accounts were accessed without authorization.”
Timehop admits in the post that the tokens could “theoretically” have been used for unauthorized users to access Timehop users’ own social media posts during “a short time window”.
“We want to be clear that these tokens do not give anyone (including Timehop) access to Facebook Messenger, or Direct Messages on Twitter or Instagram, or things that your friends post to your Facebook wall. In general, Timehop only has access to social media posts you post yourself to your profile,” the company states.
App users are being reassured by the company that no impact has resulted towards numbers Timehop displays to denote how many consecutive days the user has opened the app,