Data breaches are all too common now, and the latest one you need to know about involves Timehop, a mobile app that makes it easy to reminisce over old photos. The breach, which took place on July 4, was revealed on Sunday, July 8. At the time, Timehop disclosed that 21 million users had been affected by the breach, but it now appears that all users were impacted in some way.
On July 10, Timehop updated its security incident webpage to reflect new information about the data breach. In the report, the company disclosed more about the stolen data, including the exact amount of users affected by each type of information taken. In an email to Gadget Hacks, however, Timehop confirmed all of its users had data stolen of some kind.
We are deeply, humbly sorry for this incident, and support GDPR as a law and support these disclosure requirements.
The problem is that it isn't clear what information of yours was taken. Timehop does not require users to provide any one particular piece of data, so not everyone's stolen data is equal. In general, the hackers made off with some combination of every user's name, email address, phone number, date of birth, gender, and country.
While there's no way to stop hackers from stealing your data retroactively, Timehop informed us that you can request what information of yours was compromised via a support ticket on their website. Just provide your name, email address, a reason for the message (select "General" from the pull-down menu), then make your request in the text field below.
Unfortunately, there's not much more that can be done. Data breaches stink, and all companies and we can do after they happen is learn from them and improve the measures we take to protect ourselves.
For example, limit the amount of personal data you hand over to apps and companies, especially when that data is not required. Data such as your birthday is valuable information in the wrong hands, which can be used for identity theft, and isn't something you can change if data is misused.
Timehop doesn't require users to provide any one particular piece of information. You can use your phone number to sign up, but you can opt out if you connect through Facebook instead. If you don't need to provide your birthday, gender, country, name, or email, maybe you should think twice before doing so.