YOU SAID:

The attackers, according to a preliminary investigation of the breach, stole roughly 21 million email addresses and names from Timehop during an attack last Wednesday, which took place on the Fourth of July. From those affected users, the hackers also gained access to roughly 4.7 million phone numbers, the company wrote in a Sunday blog post. The hackers' access to phone numbers adds an additional risk to those affected — phone numbers are increasingly used in "two-factor authentication" to boost security in a number of instances, from resetting passwords to authenticating account logins. Aggressive hackers could potentially use a phone number to get around security firewalls and continue to cause more harm. Despite this, the company says it has no evidence that "any accounts were accessed without authorization." "It is recommended that you take additional security precautions with your cellular provider to ensure that your number cannot be ported," the company adds. Timehop also says none of the "memories," or photos from social media, were taken, nor were private messages and financial data. According to a preliminary review of the attack, hackers used a compromised administrative user's credentials to penetrate Timehop’s cloud computing provider starting in mid-December. The attacker then logged on intermittently from December to June to conduct reconnaissance, the company says. The hackers then carried out the attack on the afternoon of July 4. Timehop engineers began to block the attack and lock down the compromised environment less than two hours after the attack began, the company says. Timehop, however, did not appear to have multifactor authentication applied across all its accounts before the incident occurred — a security vulnerability that the hackers may have been able to exploit. "We have now taken steps that include multifactor authentication to secure our authorization and access controls on all accounts," the company said, noting that this applied to all accounts, not just in those in their cloud environment. The company also says hackers stole “access tokens,” which were provided to the company by their social media providers. "These tokens could allow a malicious actor to view without permission some of your social media posts," they write, noting that this largely means access to posts a user posts on their own walls. "However, it is important that we tell you that there was a short time window during which it was theoretically possible for unauthorized users to access those posts — again, we have no evidence that this actually happened," the company noted. The company said it has reset all its keys out of "abundance of caution," which will require users to re-authenticate their Timehop accounts before again using its service. "If you have noticed any content not loading, it is because Timehop deactivated these proactively," the company writes. Timehop first disclosed the cyberattack publicly in the Sunday blog post, several days after the breach unfolded. "A significant amount of the time it took to respond publicly was making contact with a large number of partners and sharing information with them to help with a complex technical investigation and coordinate an incident response," the company writes. The company's post, however, does not make clear if it notified affected users before publicly announcing the breach on Twitter and its own website days after the attack took place. Timehop downplayed the impact of the attack. "The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service," the company wrote in part. "Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content — and we delete our copies of your 'Memories' after you’ve seen them."

INTO JAPANESE

攻撃者は、侵害の予備調査によると、7月4日に行われた攻撃で、Timehop​​の電子メールアドレスと名前を盗んだ。この影響を受けたユーザーから、ハッカーは約470万の電話番号にアクセスすることもできたと同社は日曜日のブログ記事で書いている

BACK INTO ENGLISH

According to a preliminary investigation of infringement, an attacker stole Timehop's e-mail address and name in an attack that took place on July 4. From this affected user, hackers could also access about 4.7 million phone numbers, the company wrote in a Sunday blog post

INTO JAPANESE

攻撃の予備調査によると、攻撃者は7月4日に発生した攻撃でTimehop​​の電子メールアドレスと名前を盗んだ。この影響を受けたユーザーから、ハッカーは約470万件の電話番号にアクセスできる可能性があると同氏は日曜日のブログ役職

BACK INTO ENGLISH

According to a preliminary investigation of attacks, an attacker stole Timehop's e-mail address and name with an attack that occurred on July 4. From this affected user, hackers may have access to approximately 4.7 million phone numbers, he said on Sunday's blog post

INTO JAPANESE

攻撃の予備調査によると、攻撃者はTimehop​​の電子メールアドレスと名前を7月4日に発生した攻撃で盗んだ。この影響を受けたユーザーから、ハッカーは約470万の電話番号にアクセスできる可能性があると、

BACK INTO ENGLISH

A preliminary investigation of the attack stated that an attacker stole Timehop's e-mail address and name with an attack that occurred on July 4. From this affected user, hackers may have access to approximately 4.7 million phone numbers,

INTO JAPANESE

この攻撃の予備調査では、攻撃者が7月4日に発生した攻撃でTimehop​​の電子メールアドレスと名前を盗んだことが明らかになりました。この影響を受けたユーザーから、ハッカーは約470万の電話番号、

BACK INTO ENGLISH

A preliminary investigation of this attack revealed that an attacker stole Timehop's e-mail address and name on an attack that occurred on July 4th. From this affected user, hackers have about 4.7 million phone numbers,

INTO JAPANESE

この攻撃の予備調査では、攻撃者が7月4日に発生した攻撃でTimehop​​の電子メールアドレスと名前を盗んだことが明らかになりました。この影響を受けたユーザーから、ハッカーは約470万の電話番号を持ち、

BACK INTO ENGLISH

A preliminary investigation of this attack revealed that an attacker stole Timehop's e-mail address and name on an attack that occurred on July 4th. From this affected user, hackers have about 4.7 million phone numbers,