Facebook found its name in the news again this week regarding a major security issue, even though this time it wasn’t the social media giant’s fault. Popular app Timehop, which accesses users’ photos and posts and resurfaces them, revealed that it suffered a major data breach on July 4 that exposed the information of 21 million users.

Timehop was quick to point out that it doesn’t possess much of its users’ personal information, but it does have their phone numbers, email addresses and names.

“The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service,” the site wrote in a blog post revealing the breach. “Timehop has never stored your credit card or any financial data, location data, or IP addresses; we don’t store copies of your social media profiles, we separate user information from social media content — and we delete our copies of your ‘Memories’ after you’ve seen them.”

The company has promised to hire a cybersecurity company to track whether its users’ information appears on the Internet or Dark Web, but the fact remains that the info is now out there. And while Facebook played no direct role in the breach, it’s just another example of how the site traffics in our info — and how vulnerable that info really is.