Hackers Steal Personal Information of 21 Million Timehop Users (fortune.com)

← Back to Stories (view on slashdot.org)

Hackers Steal Personal Information of 21 Million Timehop Users (fortune.com)

Posted by msmash on Monday July 9, 2018 @08:40AM from the security-woes dept.

21 million users of Timehop, an app that reminds people about their social media posts on that day, are at risk after hackers breached the company servers on July 4. From a report: The company, in a blog post, says the security breach not only resulted in personal data (including names, addresses and, for some accounts, phone numbers) being stolen, but the hackers were also able to secure tokens allowing them to view people's posts on Facebook, Twitter, Instagram, and Foursquare. Timehop says it quickly deactivated the tokens, which would have shut down access to the accounts. No private/direct messages, financial data, or social media content was affected, the company stressed. Attackers were apparently able to access the system's cloud servers because the company had not turned on multi-factor authentication. Timehop says the system was compromised for roughly two hours.

25 comments

Min score:

Reason:

Sort:

Oh. My. God. by Frosty+Piss · 2018-07-09 08:41 · Score: 1, Flamebait

OMG! OMG! OMG! My social circles will be aghast at my new secret online business selling "Genuine" Canadian Viagra, BitCoin initial offerings, and pornography of 18 year old virgin Russian girls! What shall I do?
By the way, who is Timehop? 21 million users, 21 million bots? Or 21 million downloads?

--
If you want news from today, you have to come back tomorrow.
1. Re:Oh. My. God. by Anonymous Coward · 2018-07-09 09:25 · Score: 0
  
  "Alice? Alice? Who the f--k is Alice?"
  So this boils down to "some service you've never heard of somehow had over 21 million user accounts and couldn't be arsed to security them properly", yeah?
I bet by nospam007 · 2018-07-09 08:42 · Score: 1

....that lots of them wish to hop back in time.
1. Re:I bet by Anonymous Coward · 2018-07-09 09:35 · Score: 0
  
  They can just use their own platform to hop back in time and fix the problem. As soon as this happens, this post will disappear.
Muh data! by SeaFox · 2018-07-09 09:01 · Score: 0

...but the hackers were also able to secure tokens allowing them to view people's posts on Facebook, Twitter, Instagram, and Foursquare.
Oh no. The hackers were able to read information users posted specifically to share with people!
1. Re:Muh data! by Calydor · 2018-07-09 10:27 · Score: 1
  
  This would include posts made to limited groups. Not everyone posts everything for the entire world to see.
  
  --
  -=This sig has nothing to do with my comment. Move along now=-
More newsworthy by nwaack · 2018-07-09 09:11 · Score: 2

is the fact that a stupid app like Timehop has 21 million freaking users! There is no hope for this planet.
1. Re:More newsworthy by Anonymous Coward · 2018-07-09 09:28 · Score: 0
  
  It's digital nostalgia. Didn't you ever go back through old (film) photos and reminisce? This is that. People don't take the time to go back through their digital lives very much, if at all.
  Don't be such a cynic, it's not good for the soul.
2. Re:More newsworthy by ole_timer · 2018-07-09 09:32 · Score: 1
  
  wow, a site that reminds of my pointless posts...just wow, these people ought to get a life
  
  --
  nothing to see here - move along
3. Re:More newsworthy by ole_timer · 2018-07-09 09:34 · Score: 2
  
  you go through ole photos and reminisce with others...how do you do that with old posts? "look kids, I really posted a doozy then!"
  
  --
  nothing to see here - move along
4. Re: More newsworthy by Anonymous Coward · 2018-07-09 10:30 · Score: 0
  
  I delete my previous posts when I come across them if given the opportunity to do so, whether I like them or not. Data sentimentalism is stupid.
  Down with big data! Down with the evil American tech industry. Timehop needs to be fined and its engineers and directors imprisoned. As do the developers of every tech firm that abuses it's users!
5. Re: More newsworthy by Frosty+Piss · 2018-07-09 10:57 · Score: 1
  
  I post as âoeFrosty Pissâ, thatâ(TM)s all I need to maintain my privacy.
  
  --
  If you want news from today, you have to come back tomorrow.
6. Re: More newsworthy by Anonymous Coward · 2018-07-09 11:40 · Score: 0
  
  I think someone should just have a major diarrheal shit in the CEO's face.
7. Re: More newsworthy by Dutch+Gun · 2018-07-09 16:52 · Score: 1
  
  Also, we now know that you own an iPhone. We're closing in on your true identity, one data point at a time!
  
  --
  Irony: Agile development has too much intertia to be abandoned now.
8. Re:More newsworthy by Anonymous Coward · 2018-07-10 06:26 · Score: 0
  
  OK. So I am not a big fan of facecrack either but cmon, dont be a troll!
  If anything timehop is one of the most fun and useful facecrack apps.
Re: Oh. My. Boners. by Anonymous Coward · 2018-07-09 09:20 · Score: 0

boners
Plot Twist by Anonymous Coward · 2018-07-09 09:22 · Score: 0

They stole the accounts in the future!
If you remove your data now then you won't be impacted by the breach.
"Steal?" by Anonymous Coward · 2018-07-09 09:25 · Score: 0

My god, these people can no longer use their names, addresses, or phone numbers?!
Oh, this is the MPAA version of "steal?" Never mind, carry on then.
No 2FA? by Anonymous Coward · 2018-07-09 09:27 · Score: 0

From the attached article, there was no two factor authentication used. Hell, I use 2FA on my social media accounts that are rarely, if ever, used. This is basic common sense here.
Re: Oh. My. Boners. by Anonymous Coward · 2018-07-09 09:40 · Score: 0

21 million boners?
Not Multi-factor, but Single at least? by Anonymous Coward · 2018-07-09 09:56 · Score: 0

Attackers were apparently able to access the system's cloud servers because the company had not turned on multi-factor authentication.
Okay, that a dumb sentence. Here's what really happened from the blog post:

The breach occurred because an access credential to our cloud computing environment was compromised.
AND they didn't have multi-factor. But this is a back-end system, so those credentials shouldn't have been lost!!! They didn't specify if it was a tech login or a login to access the DB or other "non-user" logins.
You know what really happened? Some idiot got phished for his AWS credentials.
Re: Oh. My. Boners. by Anonymous Coward · 2018-07-09 10:37 · Score: 0

21.1 Jiggabonars.... You don't just walk into a store, with a bonar, and buy plutonium. https://www.youtube.com/watch?v=3t-EYU10U3o
Reminds? by cascadingstylesheet · 2018-07-09 14:24 · Score: 1

Reminds ... people ... about their own social media posts?
What new deviltry is this?
1. Re:Reminds? by Anonymous Coward · 2018-07-10 01:28 · Score: 0
  
  Reminds ... people ... about their own social media posts?
  What new deviltry is this?
  I interpret this as a service which enables shallow idiots obsessed with social media to bask in the glory of previous pointless and narcissistic posts they've made to remind themselves how awesome they think they are.
  I can't even begin to explain how pathetic I find this to be.
  That 21 million people use this tells me there is no fucking hope for humanity.