Under Armour’s MyFitnessPal app breached, 150 mn customer details accessed

Leading sportswear brand Under Armour announced on Thursday that account details of approximately 150 million users of the company’s MyFitnessPal website and application were accessed by cyber criminals in February.

According to Under Armour, the MyFitnessPal team learned about the breach on March 25, after which the company informed law enforcement authorities and is now working with data security firms to investigate it.

Payment card details still secure

In a blog post on its website, Under Armour said that data accessed by unknown hackers included usernames, email addresses, and hashed passwords. However, the hackers were not able to gain access to personal or financial details of customers.

“The affected data did not include government-issued identifiers (such as Social Security numbers and driver’s license numbers), which the company does not collect from users. Payment card data was also not affected because it is collected and processed separately. The company’s investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue,” it said.

Under Armour added that all affected customers were contacted four days after the incident was discovered and have been asked to change their MyFitnessPal passwords immediately in order to prevent cyber criminals from misusing their data.

What does this mean for affected customers?

The popularity of the MyFitnessPal website and app has increased steadily over the past few years. The service offers exercise and nutrition tracking, and its user base rose from 30 million in 2012 to over 165 million in 2016. In 2015, the service was acquired by Under Armour in a $475 million (£338 million) deal, and the app can now sync with all fitness tracking devices retailed by Under Armour.

Commenting on the massive data breach suffered by MyFitnessPal, Evgeny Chereshnev, CEO and Founder of Biolink.Tech, said: “150 million hacked accounts is hugely significant, especially because most users use the same pairs of logins and passwords across multiple sites. Hackers will break the weakest point; in this case a fitness tracker database, and they can use this information to access users’ emails, social networks and more.”

He warned that even if customers change their passwords, a number of them are likely to add one or two extra characters to their existing passwords, which can be second-guessed by hackers using machine learning algorithms.

“Hackers can also match these stolen email addresses and passwords to other known databases of stolen credit card numbers, social security numbers, behavioural data bought from brokers etc. With this aggregated data, hackers can build up a pretty detailed profile of a user.

“If these hackers were able to match these stolen login credentials to the users’ actual fitness data, just imagine what could happen. Having this level of data would allow hackers to know that Mr Smith has a very specific and predictable pattern of behaviour. Fitness trackers don’t only track calories and the number of steps a person walks in a day; it also knows where people are and at what time. For hackers wanting to specifically target a certain person, this data is a gold mine,” he added.

Copyright Lyonsdown Limited 2021
