Timehop reveals figures behind data breach

Social memories app Timehop has revealed more details of the data breach that affected 21 million users, which it has now confirmed also included the dates of birth and gender of some users.

The figures revealed that 2.2 million people in Europe had their name, email address and date of birth accessed in the breach, while 181,000 Europeans had their name, email and phone number information compromised.

Timehop initially said it believed only names, phone numbers and email addresses of around 21 million users had been affected.

(Screenshot/Timehop)

“These new types of data are not part of a second breach. The incident we announced is the only incident we have suffered to date. The new information is the result of closer examination of forensics and logs,” the company said.

“Earlier reports of ‘up to 21 million emails’ were correct. However we now provide the following breakdown of Personally Identifiable Information (PII) that was breached, and the combinations contained in records. These are to be considered separately of one another – these are not additive. The total number of breached records was approximately 21 million.”

The company has apologised for the incident.

Timehop is used by many as a way to see old social media posts from years gone by, stored from the likes of Facebook and Instagram – however, the firm said none of these “memories” posts it stores had been accessed.

Earlier this week the app confirmed access had been gained to its systems from a compromised account which was not protected by what is known as multi-factor authentication, where a user must provide two levels of password – sometimes an access code sent to another device linked to that account – before being able to log in.

Security labelled the lack of multi-factor authentication a “schoolboy error”, and Timehop has confirmed it is introducing it to its systems.

“We are deeply sorry for this secondary disclosure,” the company said of its update.

“In our enthusiasm to disclose all we knew, we quite simply made our announcement before we knew everything.

“We recognise this second disclosure creates the sensation that we are releasing information slowly, in a ‘drip drip’ fashion, to mitigate the potential fallout. We can only assure you that this is not the case. If anything, we are deeply embarrassed to have to make this secondary disclosure.”

- Press Association


Related Articles

Anger as British Airways customers cancel credit cards after 380,000 payments hit in data breach

More in this Section

IFG targets strong growth and 'real value for shareholders in the medium term'

GDP booms ‘but household spending not so much’

Interest rate hike may be pushed back to 2020

Park Hotel in Kenmare generated record revenues in 2018 - John Brennan


Lifestyle

Family restaurants serving up more calories than fast food – here are 8 healthy swaps to make

What parents can learn from Mary Poppins

Unmasking Limerick's newest masked rapper

How to stop tensions boiling over this festive season

More From The Irish Examiner