Timehop, an app that resurfaces your old photos and posts by connecting to your social media profiles, revealed that its cloud computing environment was hacked and the data of 21 million users was stolen on July 4.
As a result, the company has voided all social media authorisation tokens it held, and is alerting its users.
Around 4.7 million phone numbers were breached, alongside its usernames and email addresses. Timehop said no financial data was affected, nor social media content, and there has been no evidence of any improper account access.
“A small number of records included a name, a phone number, and an email address; a somewhat larger number included a name and phone number; a larger number included a name and an email address,” the company said. “No financial data, private messages, direct messages, user photos, user social media content, social security numbers, or other private information was breached.”
Timehop noted that the compromised cloud computing account did not have multi-step verification before the incident – a gross oversight on the company’s part, given that it’s now common practice among firms handling large volumes of user data.