Timehop is now admitting that additional personal information was compromised in a data breach on July 4. The company first acknowledged the breach on Sunday, and said that names of its users, email addresses and phone numbers had been compromised. Now, the company is confirming that additional information, including date of birth and gender were compromised during the breach last week.
According to TechCrunch, Timehop revealed that around 21 million accounts were affected during the data breach but not all accounts were affected equally. It says only 3.3 million accounts had the entirety of their name, email, phone and date of birth taken, while at least names were leaked in the case of full 21 million compromised accounts.
Timehop is an app for smartphones that collects old photos and posts from social media platforms like Facebook, Twitter, Instagram and cloud service like Dropbox to create memories from the past. The company was founded by Jonathan Wegener and Benny Wong in 2011. Even though personal information were stolen in the breach, Timehop is reassuring its users that content like memories stored in the app was not breached.
The company says these memories are kept in a separate and more secure database, which should have been the case for all information in the first place. “That stuff is what we cared about, that stuff was protected,” Timehop COO Rick Webb told TechCrunch. He adds that the challenge is “to make a mental note to think about everything else.”
Watch: Asus Zenfone 5Z First Look Video
The breach occurred when someone accessed a database not protected by two-factor authentication in Timehop’s cloud infrastructure. It is now working to prevent future breaches by enforcing the use of two-factor authentication on all of its system including databases. The lose of sensitive information might not be as profound as the ones involving other data breaches but these could lead to identity theft.