Timehop to Confirm 'Security Incident'

Personal data of 21 000 000 users of popular service is in the hands of attakers
09 July 2018   871

Popular service Timehop, created in 2011, is a kind of "time machine" for users of social networks. It allows to find out what the user or his friends published a few years ago, collecting information from Facebook, Instagram, Twitter and even photos in Dropbox.

Last Sunday, the company reported that on July 4, 2018, Timehop ​​was attacked by unknown intruders, and as a result, data of 21 million people 'leaked'.

Representatives of the company report that they discovered a breach when the hackers were still active and managed to stop the leakage of information, but for many users it was too late. The unknown managed to steal email addresses, names and phone numbers of 21 million users.

In addition, there were compromised "keys that let Timehop read and show you your social media posts (but not private messages)." Developers assure that all keys are already deactivated and no longer work, and users need to re-authenticate in the application.

The official message emphasizes that these tokens do not allow anyone (including Timehop ​​itself) to access Facebook Messenger or personal messages on Twitter or Instagram. Access is granted only to ordinary records. Theoretically, during the incident there was a short period of time during which unauthorized users could access such records of the victims. However, there is no proof that this really happened yet.

Almost no technical details about the incident have yet been reported, as the company continues its internal audit and investigation, involving local and federal law enforcement agencies, as well as third-party cybercriminals.

Representatives of Timehop ​​recognize that the attackers managed to get into the system because of compromising credentials for one of the "cloud" accounts. The fact is that the account was not protected by multifactor authentication, and only now the company decided to attend to additional protection of authorization and access control.

Go 1.12 to be Available

Great news for all Go enthuisiast and developers; let's check what's new
28 February 2019   436

Go 1.12 programming language released, which is being developed by Google with the participation of the community as a hybrid solution combining high performance of compiled languages with such advantages of scripting languages as ease of writing code, speed of development and protection from errors. The project code is distributed under the BSD license.

These are main updates:

  • Native TLS 1.3 support. It is not enabled by default, it is necessary to set the option tls13=1 in the environment variable GODEBUG (package crypto / tls).
  • Improved module system support. Developers are preparing to include it by default in version 1.13.
  • Windows support on ARM architecture systems. For example, Go can now be used with Windows 10 IoT Core on Raspberry Pi 3 boards.
  • Improved compatibility with upcoming versions of macOS and iOS. The layer for making specific system calls is the libSystem library.

Get more information at official documents.

Starting with Go 1.13, support for macOS 10.10 "Yosemite" will be discontinued, as the minimum supported version of macOS will be 10.11 "El Capitan". The next release also plans to end support for the FreeBSD 10.x branch.