Timehop, the social media application that brings old posts into your feed, experienced a data breach on July 4. In a post published yesterday (July 8) the team explained that ‘an access credential to our cloud computing enterprise was compromised’. Timehop believes 21 million users have been affected by the breach. However, it was keen to state that “we have no evidence that any accounts were accessed without authorization.”
Timehop has already acted to make necessary changes. Certain application features have been temporarily disabled, and users have been logged out of the app. Users will also have to re-authenticate Timehop on social media accounts. The team has deactivated the keys that allow the app to read and show users social media posts on their feeds.
Timehop explained that the gap between the incident and the public statement was due to the need to “contact with a large number of partners.” The investigation needed to be thorough in order for the response to be clear and coordinated.
How did the Timehop data breach happen?
For transparency, Timehop published a detailed technical report on how it believes the hack happened.
An unauthorized user first accessed Timehop’s cloud computing environment using an authorized users credentials. This user then conducted ‘reconnaisance activities’ once they had created a new administrative account. This user logged in to the account on numerous occasions after this in March and June 2018.
It was only on July 4 that the attacker then attempted to access the production database. Timehop then states that they “conducted a specific action that triggered an alarm” which allowed engineers to act quickly to stop the attack from continuing.
Once this was done, there was a detailed and thorough investigation. This included analyzing the attacker’s activity on the network and auditing all security permissions and processes.
A measured response to a potential crisis
It’s worth noting just how methodical Timehop’s response has been. Yes, there will be question marks over the delay, but it does make a lot of sense. Timehop revealed that the news was provided to some journalists “under embargo in order to determine the most effective ways to communicate what had happened while neither causing panic nor resorting to bland euphemism.”
The incident demonstrates that effective cybersecurity is as much about a robust communication strategy as it is about secure software.