Privacy Tip #147 – If You Use Timehop Listen Up!

Linn Freedman
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

Timehop, an app that allows users to find and claim old photos and posts on social media, has reported a data breach of its cloud computing environment on July 4, 2018, which compromised 20.4 million accounts (3.8 in the GDPR zone).

According to an updated posting on its website yesterday, the information that was compromised includes users’ names, addresses, dates of birth, gender, country codes and telephone numbers. Further, access tokens provided to Timehop by its social media providers were also taken, which would allow the intruder to view social media posts without users’ permission.

Therefore, Timehop terminated the tokens and they can no longer be used. Timehop provided a very transparent list of information that was contained in the database so customers can confirm that no financial or Social Security numbers were involved.

Timehop should be commended for its transparency with regard to the amount of information provided over the past week. It states on its website posting that it is trying to provide as much information as possible during the investigation (which is really difficult), but others have reported that they also were trying to comply with the new 72 hour reporting requirement for GDPR. This is a clear illustration of the difficulty that companies will face with an onerous GDPR notification requirement when all of the facts of the incident aren’t known. It adds confusion to the notification process to consumers when the facts change.

At any rate, if you have downloaded and use Timehop, take a look at Timehop’s website posting about the incident https://www.timehop.com/security. Following the intrusion, Timehop implemented two factor authentication and will require users to log in and reauthenticate each service to continue using the app. In addition, user streaks have been frozen and maintained. Since Timehop had users’ telephone numbers, it is also recommending that users “take additional security precautions with your cellular provider to ensure that your number cannot be ported” by adding a PIN to your account.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide