Advocate III

Ever use Timehop?

Timehop was an app that would scrape your social media and "remind" you of anniversaries at a later date.

 

As such, it had to have permission to access your social media.

 

Well, it got hacked.  (Well, maybe I shouldn't say it got hacked, since that implies some intelligence and sophistication on the part of the attackers.  Actually, Timehop was just careless about passwords.)

 

Which means that someone has your passwords.  Well, access tokens, anyway.  (If you ever used Timehop, that is.)

 

Do you really need to give that app access to your accounts?  (Not just Timehop, of course.  Lots and lots and lots of apps ...)


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
1 Reply
Contributor III

Re: Ever use Timehop?

 

In my case, there's usually one of 3 outcomes:-

 

  1. An app asks for full access to resources during installation --- which I may not grant unless I see them as necessary. If installation continues & the app runs without these, well and good.
  2. An app fails to install unless I grant access, in which case I'll give it access during installation, but revoke the permissions in the security settings immediately after. If the app still runs after that, well and good.
  3. An app fails to run after I revoke permissions in the security settings, unless I again grant access. At this point I'll decide on whether I can do without the app.

In my opinion, it isn't worth compromising security to attain functionality that isn't essential...

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz