Do you use Timehop?

If you're not sure what that is, it's a popular, clever little app that reminds social media users about posts they've made in the past. It can be quite handy, especially if you're active on numerous social media accounts.

Unfortunately, the bloom is off the rose for Timehop.  Recently, the company announced that it had suffered a breach on the Fourth of July, which gave the hackers virtually unfettered access to the company's cloud servers for more than two hours.  During that time, the hackers were able to make off with the names, email addresses and other account details of more than twenty-one million users.

4,700,000 phone numbers stolen

Nearly five million of the records stolen (4.7 million) had phone numbers in the data.  As bad as that sounds, it gets worse.  Because of what Timehop is and how it works, it's got hooks into all of the social media accounts of every member who uses the app.

Timehop uses tokens to access social media information.  Tokens that are now in the hands of the hackers, who could use them to view and/or "scrape" social media content (including private posts) uploaded by every one of the 21 million impacted users.  In short, even if you keep tight control over who can see your social media content, if you're one of the impacted users, the cat is officially out of the bag.

The company says that they deactivated all tokens shortly after the incident was detected, but there was still a small window of time in which they could have been used.

As is the norm in cases like these, Timehop has issued an apology, is in the process of informing all affected users, and is working with law enforcement and an outside agency to assist with the forensic investigation.  This incident, however, underscores how easy it is to lose control of one's data.

Our perspective

It's not enough to simply exercise caution and be mindful of security on the social media channels you frequent.  You've also got to be mindful of what third parties you allow to access those channels, because any one of them could provide an inroad for a hacker.

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cloud Computing Expert | Small Business Technology Consultant | IT Services Provider | 866.995.4488

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller healthcare practices, clinics, or insurance companies in Greater Los Angeles. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance.

I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs to business and professional associations.

Contact me if you would like me to speak at your meeting.

Meanwhile, check out this blog post

"Cyber Security Check List That Will Underscore Your Potential Business Risks"