YOU SAID:
"It is recommended that you take additional security precautions with your cellular provider to ensure that your number cannot be ported," the company adds. Timehop also says none of the "memories," or photos from social media, were taken, nor were private messages and financial data. According to a preliminary review of the attack, hackers used a compromised administrative user's credentials to penetrate Timehop’s cloud computing provider starting in mid-December. The attacker then logged on intermittently from December to June to conduct reconnaissance, the company says. The hackers then carried out the attack on the afternoon of July 4. Timehop engineers began to block the attack and lock down the compromised environment less than two hours after the attack began, the company says. Timehop, however, did not appear to have multifactor authentication applied across all its accounts before the incident occurred — a security vulnerability that the hackers may have been able to exploit. "We have now taken steps that include multifactor authentication to secure our authorization and access controls on all accounts," the company said, noting that this applied to all accounts, not just in those in their cloud environment. The company also says hackers stole “access tokens,” which were provided to the company by their social media providers. "These tokens could allow a malicious actor to view without permission some of your social media posts," they write, noting that this largely means access to posts a user posts on their own walls. "However, it is important that we tell you that there was a short time window during which it was theoretically possible for unauthorized users to access those posts — again, we have no evidence that this actually happened," the company noted. The company said it has reset all its keys out of "abundance of caution," which will require users to re-authenticate their Timehop accounts before again using its service. "If you have noticed any content not loading, it is because Timehop deactivated these proactively," the company writes. Timehop first disclosed the cyberattack publicly in the Sunday blog post, several days after the breach unfolded. "A significant amount of the time it took to respond publicly was making contact with a large number of partners and sharing information with them to help with a complex technical investigation and coordinate an incident response," the company writes. The company's post, however, does not make clear if it notified affected users before publicly announcing the breach on Twitter and its own website days after the attack took place. Timehop downplayed the impact of the attack. "The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service," the company wrote in part. "Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content — and we delete our copies of your 'Memories' after you’ve seen them."
INTO JAPANESE
同社は、「携帯電話のプロバイダにセキュリティ上の注意を払い、番号を確実に移植できないようにすることが推奨されている」と付け加えた。 Timehopはまた、ソーシャルメディアの「思い出」や写真は撮られておらず、私的なメッセージや財務データもないと述べている。攻撃の予備レビューによると、使用されたハッカーは、
BACK INTO ENGLISH
The company added, "It is recommended that you pay security attention to mobile phone providers and ensure that you can not port numbers securely." Timehop also has no social media "memories" or pictures taken, private messages or financial data
INTO JAPANESE
同社は、「携帯電話会社にセキュリティの注意を払い、番号を安全に移植できないようにすることが推奨される」と付け加えた。 Timehopにはソーシャルメディアの「思い出」や写真、プライベートメッセージや財務データもありません
BACK INTO ENGLISH
The company added, "It is recommended that you pay attention to security of cellular phone companies and make it impossible to safely port numbers." Timehop does not have "memories" of social media, photos, private messages and financial data
INTO JAPANESE
同社は、「携帯電話会社のセキュリティに注意を払い、安全に番号を移植できないようにすることが推奨される」と付け加えた。 Timehopにはソーシャルメディア、写真、プライベートメッセージ、財務データの「思い出」はありません
BACK INTO ENGLISH
The company added, "It is recommended that you pay attention to the security of cellular phone companies and make it impossible to safely port numbers." Timehop does not have "memories" of social media, photos, private messages, financial data
INTO JAPANESE
同社は、「携帯電話会社のセキュリティに注意を払い、安全に番号を移植することを不可能にすることが推奨される」と付け加えた。 Timehopにはソーシャルメディア、写真、プライベートメッセージ、財務データの「思い出」はありません
BACK INTO ENGLISH
The company added, "It is recommended that you pay attention to the security of mobile phone companies and make it impossible to safely port numbers." Timehop does not have "memories" of social media, photos, private messages, financial data
INTO JAPANESE
同社は、「携帯電話会社のセキュリティに注意を払い、安全に番号を移植することを不可能にすることが推奨される」と付け加えた。 Timehopにはソーシャルメディア、写真、プライベートメッセージ、財務データの「思い出」はありません
BACK INTO ENGLISH
The company added, "It is recommended that you pay attention to the security of mobile phone companies and make it impossible to safely port numbers." Timehop does not have "memories" of social media, photos, private messages, financial data
You should move to Japan!