Timehop, that service you probably used to dig up old memories and photographs on Facebook, announced on Saturday that hackers had stolen around 21 million user email addresses and names. The hackers also stole the phone numbers of about 4.7 million of those users.
Having your email address exposed probably isn’t the end of the world, and it seems no passwords were included in the data breach. But a phone number may be a different story. Today, phone numbers often act as password reset mechanisms, or as the extra layer of authentication to secure accounts. If a hacker knows your phone number, and can then gain control of it, they can get up to all sorts of account hijacking mischief.
Hackers often carry out so-called SIM jacking, where they ring up your provider, pretend to be you by handing over some easy-to-obtain personal information such as your date of birth, and then ask the customer support rep to redirect any calls or text messages to their own SIM card. This is how the hacker can then obtain your two-factor authentication code or password reset request.
With that in mind, it’s probably a good time to check that you have a PIN or passcode set up on your mobile provider account. These are codes that you have to present when asking for certain changes on your account, such as moving service to another SIM card.
In the future, there are some other things you may want to bear in mind: perhaps sign up to services (when you can) with a less identifiable email address. That way, when the data does leak, hackers will have a harder time linking any information to you. Or perhaps, although probably too much of an inconvenience for most people, have a second, cheap phone or additional number you use to sign up to more disposable services. Some websites let you sign up with a Google Voice number too, a free-to-set-up internet phone number.