In July 2018, TimeHop, in a very transparent manner, discussed the breach of their service which affected approximately 21 million records, some of which included personal identifying information (PII) such as name, email, phone number, and date of birth, while others contained variants.
Reviewing the sequence of events, we see that a trusted insider placed the company’s data at risk when their employee credentials were used by a third-party to log into TimeHop’s Cloud Computing Environment.
How the intruder obtained the employee’s log-in credentials is unknown.