Skip to Content
Social media

21 million users affected as Timehop was hacked

A downside to social media is that once something is posted, it is pretty much there forever. However, for some that’s actually a good thing, as it is fun to be able to peek into the past and see what life was like back then.

One of the most popular apps for collecting and displaying all of what was posted in the past is Timehop. Founded in 2011, it allows users to go back in time on a day-by-day basis and see what they put on Facebook, Twitter and other social media sites.

You have to figure with so many accounts linked to the app it would contain a lot of information about its users, which means anyone who hacked into Timehop could find a treasure trove of data. Turns out that’s exactly what happened.

Millions were affected

TimeHop informed its users of the breach, which happened on July 4. They said 21 million accounts were impacted, with personal data including names and email addresses being taken.

The attack began at 2:04 EST, according to Timehop, and was shut down 2 hours and 19 minutes later. But by then plenty of damage had already been done.

According to Timehop, a preliminary investigation into the incident shows the attacker accessed the app’s cloud environment back in December, and that month performed some small reconnaissance hacks for a few days. They then did the same thing again one day in March and then another time in June before going for it all in July.

What all was taken?

Timehop said that while names, email addresses and some phone numbers (if they were provided) were compromised in the hack, no private/direct messages, financial data, social media or phone content was affected.

Another thing that was taken are the keys the app uses to read the social media posts, and because of that the company deactivated them all so that they could no longer be used.

With that in mind, the “memories” that Timehop collects and shares with its users were not accessed by the hacker. Furthermore, they say there is no evidence that any accounts were accessed without authorization.

So what’s next?

Anyone who uses Timehop probably noticed that they were logged out of the app and had to then individually allow it to once again access sites like Facebook and Twitter. That was done out of an abundance of caution, Timehop said.

After that there is not much to do for people who use the app. Phone numbers are not required to access Timehop and therefore may not be involved; yet, if you did provide your number you’ll want to take steps to ensure it cannot be ported over to a new phone.

The best way to do that is, if you have Verizon, Sprint or AT&T, to add a PIN to your account. If you use T-Mobile, call 611 from your device or 1-800-937-8997 and ask the representative to help assist with limiting the portability of your number.

That would also go for other carriers who are not listed.

cryptocurrency e-book hero

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out