Macy's, Timehop and Polar FitnessData breaches can’t escape the news these days, with the latest round of breaches illustrating that hackers are working around the clock to get our data. Recently, news broke about two hacks – one affecting the major retailer Macy’s and another affecting the app Timehop – as well as one data leak from the fitness wearables company Polar. Because it’s hard to keep up with all of these breaches, we’re detailing what you need to know about each of these incidents. Keep reading to see how they impact you.

Macys.com customers experience unauthorized account logins

What happened: Last week, Macy’s mailed out a letter to customers of Macy’s online shopping network, notifying them of a cyber threat which targeted online profiles for nearly two months. This threat apparently resulted in “suspicious login activities” that were the result of hijacked accounts.

Who does this impact: Macy’s hasn’t disclosed the number of customers affected by the breach, but the company is recommending that victims exercise caution. The accounts that were impacted have been blocked until the affected customers change their profile’s password. Macy’s also suggested that impacted users change their passwords for any other accounts using the same or similar passwords. These users should also notify their credit or debit card company about the breach, as it’s possible that account hijackers may have been able to access user’s saved payment information.

What’s being done to protect users: Macy’s noted that neither social security numbers, nor payment card CVVs are stored online, but in an abundance of caution, the company is offering a year of free identity theft protection through AllClearID.

Timehop user information siphoned in breach

What happened: On July 4, Timehop, a social media archiving app, suffered a data breach. Although the company noticed the breach while it was in progress and halted it, Timehop was, unfortunately, unable to prevent the hacker(s) from running off with user data. Further investigation into the breach revealed that the attacker(s) had actually accessed Timehop’s cloud computing account through an admin user’s credentials on Dec. 19, 2017. They also logged in twice in December, once in March and once in June, but solely to conduct surveillance.

Who does this impact: The breach compromised the data of 21 million users, which is a large majority of the app’s user base. The impact was limited to basic user information, including names, email addresses and phone numbers. The company stated that memories (the social media content that is archived from Facebook and other social media sites and stored on Timehop) were not viewed by the hacker(s). The hackers did get access to the tokens that authenticate user’s Timehop accounts on other social media accounts; however, Timehop has since deactivated these tokens, making them useless. The company does acknowledge that there technically could have been a window during which the hacker(s) used these tokens to view posted content on connected social media accounts, but Timehop states there is no evidence of this occurring.

What’s being done to protect users: Timehop said it’s working with law enforcement and a cybersecurity firm to learn more about the incident, in addition to beefing up its own security, as one of its cloud accounts didn’t have multifactor authentication. It’s also monitoring the Internet for any usage of users’ personal details.

Polar leaks private geodata

What happened: Similar to a story that broke earlier this year, Dutch security researchers recently learned that Polar, a popular fitness app, leaked the locations of personnel at military bases across the world. Although the study mostly focused on military personnel, the vulnerabilities studied in the research could affect any user of Polar devices. While the company provides users the option to share their data publicly, it was also discovered that even individuals who configured their profile settings to keep information private could still have their data leaked.

Who does this impact: Since this isn’t a breach in the formal sense, it’s impossible to calculate who, if anyone, was affected. Polar has disabled its Explore Map feature for the time being to prevent abuse of its platform, but it’s unclear if anyone else was aware of the vulnerabilities that the researchers discovered. Polar insists that there was no breach or leak, which is technically accurate, but if anyone else discovered what the researchers found, then user data could have easily been taken.

What’s being done to protect users: Polar is suspending and revamping the features used by the researchers to point out vulnerabilities in the platform. Other than that, no other course of action has been planned since the company believes that a breach did not occur.

For more information about protecting yourself from ongoing data breaches, keep reading our data breach alerts blog.