Hackers have successfully stolen the personal data of more than 21 million Timehop users.
The app, which allows people to view posts from the same day in previous years, gave a statement confirming that a network intrusion had led to the breach of names and email addresses alongside 4.7 million phone numbers.
The company stated that no social media posts were accessed and there had been “no confirmed reports” of any compromises.
It stated that access tokens provided by Timehop were stolen during the breach which “could allow a malicious actor to view without permission some of your social media post.”
There was according to the company a “short time window” during which it was theoretically possible for unauthorised users to access posts.
The breach itself happened in December 2017 after a staff member’s security information was used to log into the company’s cloud system.
After gaining access the hacker quickly set up a new admin account and began investigating the platform.
It wasn’t until last week that the hacker began exporting user data and the company became aware of the breach.
Timehop has stated that it took the company only two hours to respond and locked down its cloud environment while deactivating the keys that let it read social media posts.
The company has advised people to secure their phone numbers so that hackers are unable to “port” numbers, which could lead them to accessing other types of accounts.
An ICO Spokesperson said: “All organisations processing personal data should do so safely and securely. If anyone has concerns about how their data has been handled, they can report these concerns to us.”