The mobile app Timehop, which displays users' social media posts from the same day in previous years, announced that it suffered a data breach in December 2017, affecting its entire user base of over 21 million users. The threat actor gained access to the company’s cloud infrastructure, which did not have multi-factor authentication enabled, and stole data on Timehop users, including usernames, emails, phone numbers, and access keys. Access keys link the users' Timehop accounts to other social media accounts to pull older posts and images. The keys have since been de-authorized and can no longer be used. Timehop is working with law enforcement and a cyber incident response firm.