Timehop, an app that resurfaces your old photos and posts by abutting to your social media profiles, appear that its cloud accretion ambiance was hacked and the data of 21 actor users was stolen on July 4.

The stolen data comprised mostly of user names and email addresses. Of the 21 actor compromised user data, the phone numbers linked to 4.7 actor accounts were also stolen.

“Tokens” provided by social media profiles to Timehop for accepting access to posts and images were also taken.

With the “access tokens,” hackers could view some of the users’ social media posts after their permission. However, Timehop claims that the tokens were deauthorized and made invalid within a “short time window” and cannot be used to gain access to users’ social media profiles.

Timehop noted that the compromised cloud accretion annual did not have multi-step verification before the adventure – a gross blank on the company’s part, given that it’s now common convenance among firms administration large volumes of user data. Timehop is in cooperation with local and federal law administration admiral to investigate added on the breach, and to enhance its aegis upgrades. Following the breach Timehop also reset all its passwords and added a multi factor affidavit to all its accounts linked to cloud-based services.

As of now, Timehop claims that there is no affirmation of the stolen data being used. With the new GDPR aloofness law defining a breach as “likely to result in a risk to the rights and freedoms of the individuals”, Timehop claims to have notified all its European users of the breach, and that it is alive carefully with European-based GDPR experts to assist in the adverse measures.

Read next: Polar’s fettle app made it alarmingly easy to track soldiers and secret agents common