• MySTV

Timehop confirms data breach affecting 21 million users

The app said names, email address and phone numbers was among the data accessed.

Breach: Email addresses compromised.
Breach: Email addresses compromised. PA Wire/PA Images

Social app Timehop has confirmed it suffered a data breach affecting 21 million of its users.

The technology company said personal details including names, email addresses and some phone numbers have been compromised as a result of the breach.

The app is used by many as a way to see old social media posts from years gone by, stored from the likes of Facebook and Instagram - however, the firm said none of these "memories" posts it stores had been accessed.

Timehop confirmed access had been gained to its systems from a compromised account which was not protected by what is known as multi-factor authentication, where a user must provide two levels of password - sometimes an access code sent to another device linked to that account - before being able to log in.

Security experts called the lack of multifactor authentication on Timehop's systems a "schoolboy error".

Dan Pitman, senior solutions architect at Alert Logic, said: "We're seeing an increase in breach notification, as organisations do their utmost to adhere to the 72 hour imposed timescales.

"Although Timehop were guilty of a 'schoolboy' error by not applying multi-factor authentication to their remote access systems, it appears that the impact was limited by them not requiring data from their customers, where not necessary for service, and being able to rescind access via the access keys quickly."

In its announcement on the breach, which the company said took place on July 4, Timehop said: "The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service.

"Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don't store copies of your social media profiles, we separate user information from social media content - and we delete our copies of your 'Memories' after you've seen them."

Timehop said it locked out the hackers just over two hours after they had gained access, and revealed some so-called "access tokens" which enable the app to link with various social media profiles had also been compromised. In response, the company said it has terminated these tokens.

It also confirmed it has now introduced multi-factor authentication.

Allen Scott, consumer EMEA director at cyber security firm McAfee urged people to improve their own personal cyber security to better protect them in the event of such breaches.

"We cannot rely on single-factor authentication for our passwords, to protect our digital lives," he said.

"Frustratingly, I'm sure many Timehop users had the same password linked to their Instagram, Facebook and Twitter accounts. In fact, recent McAfee research reveals a third of people rely on the same three passwords for every account they're signed up to.

"If you use the same password for Timehop and a number of other apps and accounts you need to change it NOW.

"A cybercriminal only needs to get their hands on this once to potentially gain access to private and even financial information across a number of accounts.

"We know it's hard to remember all your passwords but using a password generator and manager can help solve this problem and ensure you don't become an easy target for these sophisticated cyber criminals."

One account. All of STV.

This field is required. That doesn't look like a valid e-mail format, please check. That e-mail's already in our system. Please try again.
Forgot password?
This field is required. This must be at least 6 characters long. Did you enter your details correctly?
If you've forgotten your details then use the 'Forgot password?' link.
Need to reset your password?

We'll send a link to reset your password to

We've sent you details on how to reset your password

Please check your email and follow the instructions.

Forgotten your email address?

Have you forgotten the email address that you previously joined with? Don't worry, by emailing enquiries@stv.tv we can help.

One account. All of STV.

This field is required. Please enter at least 2 characters
This field is required. Please enter at least 2 characters
This must be at least 6 characters long.
This field is required. This must be at least 6 characters long.
You must be over 16 to join STV.
This field is required. This doesn't appear to be a valid date
We need this to check that you live in an STV region.
This field is required. This doesn't appear to be a valid postcode
Would you like us to email you about our great shows and services from time to time?
We'll only send emails we think you'll like (see example) based on information you have supplied and shows you have watched on STV Player. For details on emails and advertising, see our STV & You page.
Would you like to receive emails from the Scottish Children's Lottery about draws, instant games and competitions?
We support the Scottish Children's Lottery (SCL), which is managed by our colleagues at STV ELM Ltd. You can find out more about the SCL on its website, including its Privacy Policy.

By continuing you agree to our Terms of Use, and understand our Privacy and Cookie Policies.

Upload Profile Picture

Please make sure your image is under 2mb in size and a valid JPG, PNG or GIF.

Are you sure?

Unfortunately, you'll be unable to access our premium content. We’ll be sorry to see you go, but if you change your mind you can rejoin us at any time.

Please verify your STV account

Please verify your STV account using the email we sent you. If you have lost the email, we can send you another one, just click the button below.


We've sent you a new verification email.
Please check your email and follow the instructions to verify your account.

Welcome to STV
Thanks for joining us.


Sorry, you must be at least 12 years old to place a vote for your Real Hero.

Please review our Voting Terms of Use for more information.


Sorry! It seems that you are using a browser that is incompatible with our voting service.

To register your vote please copy the below URL in to your regular mobile browser. We recommend Google Chrome, or Safari.



Sorry, you seem to have already voted in this category.

Thanks for voting

Now share your vote with friends on your social network

Share on twitter Share on facebook

Cast your vote

Please register or sign in to continue.

Cast your vote

This field is required. This doesn't appear to be a valid date

Cast your vote

Please fill out this form to cast your vote. As you are under 16 years old you will not create an STV account. Why do we need these details?

This field is required. Please enter at least 2 characters
This field is required. Please enter at least 2 characters
This field is required. That doesn't look like a valid e-mail format, please check.
Location This field is required.
Parental Consent This field is required.

That's you. All that's left is to click the 'Submit Vote' button below. By doing so, you confirm that you and your parent or guardian have read and accept our Voting Terms of Use, Privacy Policy and Cookie policy, and that the details you have entered are correct. We'll look after them as carefully as if they were our own.