Timehop, a popular app which links to social media accounts and resurfaces old posts and photos, was hit by a data breach affecting 21m of its users, the company has revealed.

The hack occurred on 4 July 2018 and saw data including names and email addresses stolen, while 4.7m users also had their phone numbers appropriated.

In addition to this data, ‘access tokens’ given to Timehop by social media platforms were taken. These tokens, identify specific accounts and their credentials, could potentially enable a hacker to view some social media posts without permission – though the company has already invalidated compromised tokens.

Timehop says it has not seen any evidence to suggest any user data has been used, though it warns that it is highly likely that their information will begin to appear in forums and be circulated around the internet and the dark web.

The firm is working with cyber security experts, its cloud computer provider, and local and federal enforcement officials, while conducting an audit of all accounts, credentials, and permissions within its app.