Cybercriminals hacked a database of 21 million Timehop users because of a lack of security. The breach is related to a cloud computing account, and the stolen data includes information such as usernames and email addresses. It also includes access to 4.7 million users' telephone numbers. No financial information was accessed, as Timehop reports it doesn't store this type of data.
The hackers had access to Timehop's servers for more than two hours. The incident could be traced to activities as far back as December, when apparent reconnaissance was done.
It’s almost unthinkable that a company storing people’s private information doesn’t have a multi-step verification process in place. Without this, Timehop’s users were easy targets for skilled hackers.
The GDPR regulations have existed for barely a month. Now, there's a responsibility to abide by the rules. Firstly, Timehop had no choice but to make the breach public, and all the EU users had to be notified.
Timehop is also improving the system and implementing countermeasures. This includes voiding authorization tokens or keys that give access to social media details. This means users need to re-authenticate their accounts. The hackers could view users' social media posts but Timehop says there's no chance of accessing personal messages. The tokens don't even give Timehop this privilege.
Timehop is also implementing password systems and designing multi-factor authentication for anything relating to their cloud-based services.
Furthermore, they called in the help of GDPR experts. But is this too little too late? Now the world sees the value of the GDPR regulations. Unfortunately, the Timehop users now have to wait and see. Will the hackers abuse the data they obtained?