Timehop, a popular app that reminds people of fond memories, revealed it was hacked on the Fourth of July. 21 million people had personal data compromised including names, birthdays, gender, email addresses and phone numbers. Timehop’s attack joins a string of recent data breaches at companies such as Equifax and Facebook.
Why are so many popular services being hacked for personal data? Simply put, as long as there is a market where personally identifying information can be bought and sold, there will be bad actors looking for ways to exploit services that collect this information.
Timehop is a feel good experience. In order to enjoy a daily dose of nostalgia, people grant the Timehop app access to their social media accounts, camera rolls and galleries and photo storage apps. This is a lot of sensitive personal data to hand over for a moment’s bliss.
Let’s break down Timehop’s data breach into key issues and actions you can take to minimize your own privacy risk.
1)Linking Accounts Creates Puts Privacy At Risk
To sign up for Timehop’s service, people provide their phone number to verify their identity (a standard practice) or their login with Facebook. Then people give access to other apps like Twitter, Instagram, Google, Foursquare, Dropbox and their phone’s camera. People who sign up for Timehop’s service willingly provide access to these accounts, but may be unaware of the related personal data that can be compromised. Is granting access to your online presence worth a daily trip down memory lane?
Take action:
Think twice before linking accounts and allowing app permissions — especially those unrelated to the service you’re using. Pause and consider what you are giving away for convenience’s sake and ask yourself if it’s worth the price before moving forward. Be especially cautious about personal finance apps that link to bank accounts. Whether to share this data with a company is a choice within your power to make.
2)Your Data Is Only As Safe As Your Apps’ Security Practices
Timehop’s achilles heel was not requiring multi-factor authentication for all of its systems. Anyone using Timehop (or any service) entrusts the company when they sign up. People assume that their personal data is properly secured and the service has taken appropriate measures to protect it. The reality is that companies are run by humans, and humans make mistakes. While Timehop created a delightful product, it missed the mark in safeguarding customer data and making it inaccessible to malevolent third-parties.
Take action:
Make sure that you trust the company you share your personal data with.Research the company (a simple Google search or company website can tell you a lot about a company’s reputation and management). Look for social proof: testimonials from customers, press articles and investors often indicate a company’s legitimacy. Always read a service’s privacy policy and terms of service. If you don’t agree with what you read, don’t sign up for the service.
3)Privacy Protections Help Consumers
Timehop notified the public of its breach within days of its occurrence. Compare that to the six weeks Equifax took or two years Yahoo! waited to alert customers about massive data breaches. GDPR requirements (and a hefty potential fine) were responsible for Timehop’s prompt response. As of May 25, these regulations apply to any company with customers in the European Union. People benefit from early notification because they can monitor their accounts, update their security and change passwords to minimize damage.
Take action:
Support legislation that protects consumer privacy but don’t sit back and wait for a solution. Stay up-to-date on communication and current events pertaining to services you use. Make sure that online accounts are secured with strong, unique passwords. Wherever possible enable two-factor notification so you must confirm your own account access twice.
Stay vigilant to avoid being a victim of a data breach. Confirm that services you sign up for are trustworthy. Weigh the benefits and risks of linking accounts and granting app permissions. Monitor and protect your accounts with good security hygiene. Finally, go above and beyond to learn about tools and products to help protect your privacy and security!