The photos might be old, but the data breach is very much current. Timehop, which you might know from the old photos it surfaces on social media, has just admitted that 21 million of its users’ data has been compromised in a massive data breach.
21 million, notes TechCrunch, means almost all of Timehop’s users have been affected, and almost a fifth (4.7 million) of these users may have had a telephone number compromised.
Related: Amazon Prime Day
The attack was discovered by the company on July 4th, and it was shut down just two hours and 19 minutes later. However, the attacker is thought to have had access since around December, before launching the full attack this month.
The data breach was disclosed via a blog post on Saturday.
So what was taken?
Since the whole point of the service is to plug into your social media accounts and resurface old posts, we were initially worried that this same social media data may have been compromised by the breach.
However this is not the case. The keys that allow Timehop to view these posts were compromised, but the service has now deactivated them so they can no longer be used. Users will have to re-authenticate Timehop’s access if they want to continue using the service.
Instead, it’s data relating to the Timehop account that has been compromised. The company says that this includes “names, email addresses, and some phone numbers” [emphasis our own] have been affected.
This is the biggest data breach to have occurred since GDPR came in, representing a big test for the new regulation. Although it technically requires companies to disclose breaches within 72 hours of becoming aware of them, Timehop argues that the “regulations are vague on a breach of this type”, since its users’ rights or freedoms are not at risk.
It will be interesting to see whether the authorities share this interpretation of the rules.
Are you a Timehop user? Are you worried about the breach? Let us know @TrustedReviews.