Timehop has been hacked and the company is warning people their cellphone numbers were taken. Since so many two-factor authentication systems rely on cell numbers Timehop says its users need to make sure their phone number is locked down so it can’t be ported to another service.
Timehop is a service that shows you previous posts from your various social networks. It’s like Facebook’s Memories feature, but started earlier.
From Timehop’s blog post warning of the data breach:
On July 4, 2018, Timehop experienced a network intrusion that led to a breach of some of your data. We learned of the breach while it was still in progress, and were able to interrupt it, but data was taken. While our investigation into this incident (and the possibility of any earlier ones that may have occurred) continues, we are writing to provide our users and partners with all the relevant information as quickly as possible.
The company says names, email addresses, and some phone numbers for about 21 million users was taken before they blocked the hackers. Social media posts and photos weren’t taken during the breach.
Timehop is urging its users to contact their cell service provider to make sure their phone number can’t be ported to another carrier or phone. That’s a precautionary measure to keep someone from stealing your number so they can get your two-factor authentication codes and potentially break into other accounts, including your bank.
Ironically, Timehop doesn’t use two-factor authentication for its own service. Maybe they should rethink that.