The Timehop data breach exposed more personal user data than first believed. The company first acknowledged the breach on Sunday.
The company first acknowledged the breach on Sunday, saying that users’ names, email addresses and phone numbers had been compromised. Today it said it that additional information, including date of birth and gender, was also taken.
TechCrunch spoke with Timehop CEO Matt Raoul, Coo Rick Weeb, and the security consultant hired to oversee the data breach,
Timehop admitted that it jumped the gun on announcing the breach before it knew all of the details. It was revealed that additional information was gleaned from the company’s database, including users’ birth dates and gender.
In our enthusiasm to disclose all we knew, we quite simply made our announcement before we knew everything.
With the benefit of staff who had been vacationing and unavailable during the first four days of the investigation, and a new senior engineering employee, as we examined the more comprehensive audit on Monday of the actual database tables that were stolen it became clear that there was more information in the tables than we had originally disclosed.
This was precisely why we had stated repeatedly that the investigation was continuing and that we would update with more information as soon as it became available.
The company also narrowed down the numbers on affected users, saying that 18.6 million email addresses were compromised (that’s down from the “up to 21 million” number first announced), and 15.5 million dates of birth. 3.3 million records were compromised that included names, email addresses, phone numbers and dates of birth.
Timehop advises its users to change their password. It says no other steps need to be taken.