21 million users are affected by a breach that exposed names, email addresses, access tokens and for some users, phone numbers. The breach, which occurred July 4, was contained after about two and a half hours, Timehop says. The attacker compromised a cloud services account belonging to Timehop, which did not have multifactor authentication enabled. The company says it has notified U.S. federal law enforcement and hired incident response and threat intelligence contractors and a crisis communication company. It has also notified European regulators.”]
Source: https://www.cuinfosecurity.com/timehop-lack-multifactor-login-controls-led-to-breach-a-11183