Timehop, a nostalgic social media platform, has restored its services after deactivating all authorization tokens provided by other social networking sites due to a data breach. In a security advisory posted on its website, Timehop said it voided the keys used to read and show users their past social media posts a few hours after it detected the attack on its network on July 4th at 4:23 PM Eastern Time.
The breach affected 21 million users, exposing their names, some email addresses, and approximately 4.7 million phone numbers attached to their accounts. However, the attack did not reach private messages, financial data, social media or photo content, or other Timehop data such as streaks and memories. Timehop also pointed out that there was no indication that any account was illegitimately accessed.
Timehop admitted that the attack occurred due to a lack of multi-factor authentication, which led to the compromise of an access credential to its cloud computing environment. The company said it has now secured its authorization and access controls on all accounts using multi-factor authentication.
Users were immediately logged out of the app after Timehop invalidated all API credentials. That means that the next time they log in to their Timehop account, users will need to re-authenticate each of their social media accounts with the app to generate a new token.