Timehop today is providing additional information on the data breach it first revealed yesterday. According to TechCrunch, Timehop has discovered that the breach included more user data than it initially thought…
Sylvania HomeKit Light Strip
Timehop, the popular application that resurfaces memories from past social media posts, said yesterday that it had suffered a data breach on July 4th. Originally, it was thought that 21 million users were affected and that compromised data included names, email addresses, and some phone numbers.
TechCrunch, however, was able to speak with Timehop CEO Matt Raoul and COO Rick Webb, as well as the security consultant hired to oversee the data breach.
Timehop explained that in its “enthusiasm to disclose” the data breach to users, it made the announcement before it knew all of the details. The company now says that additional information was taken, including dates of birth and gender.
In our enthusiasm to disclose all we knew, we quite simply made our announcement before we knew everything.
With the benefit of staff who had been vacationing and unavailable during the first four days of the investigation, and a new senior engineering employee, as we examined the more comprehensive audit on Monday of the actual database tables that were stolen it became clear that there was more information in the tables than we had originally disclosed.
This was precisely why we had stated repeatedly that the investigation was continuing and that we would update with more information as soon as it became available.
Timehop was sure to note that it does not have any financial information from users, nor does it “perform the kinds of detailed behavioral tracking” that many ad-supported social networks do.
The company also clarified the number of users who were affected:
It says that 18.6 million email addresses were compromised (down from the “up to 21 million” addresses first reported), compared to 15.5 million dates of birth. In total, the company says 3.3 million records were compromised that included names, email addresses, phone numbers and DOBs.
Despite the additional data and clarification from Timehop, the company still advises that users change their password and no additional steps need to be taken, such as changing the passwords on linked social media accounts.