News Security

Under Armour’s My Fitness Pal Gives An Easter Egg You Don’t Want To Get

myfitnesspal-top Under Armour's My Fitness Pal Gives An Easter Egg You Don't Want To GetUnder Armour Admits That 150 million MyFitnessPal Accounts Were Hacked

This wasn’t an attempt at an early April Fool’s joke. Heading into a holiday weekend this isn’t the kind of news athletic apparel giant, Under Armour, wanted to admit. The Baltimore based company revealed last Thursday that 150 million MyFitnessPal accounts had been compromised during the month of February. This was one of the biggest information hacks in history, and as a result, Under Armour shares dropped 3% going into Good Friday.

The good news is that the information compromised only included account user names, email addresses and encrypted passwords from both the MyFitnessPal website and mobile app. Important identifying and financial information like driver’s license numbers, social security numbers and credit card account numbers were not compromised.

This has been the largest information compromise in 2018 and one of the top five to date including the 3 billion Yahoo accounts compromised. By comparison the Target information hack was only 40 million records, however, the Target attack was critical financial information.

Under Armour said that they were working with law enforcement as well as data security firms to track down the source of the attack and to prevent attacks like this in the future. They took to their corporate websites to advise MyFitnessPal users to change their passwords immediately.

The warning about passwords came after it was discovered that password data for MyFitnessPal was encrypted using both SHA-1 protocol and bcrypt. For a better understanding of what that means, the Ashley Madison hack leaked 36 million records. All of those user passwords were protected using bcrypt. While Under Armour insists financial and identity information was not breached, many hackers know that most people use one or two passwords for all of their sign-ons, making it possible for hackers to breach other services with passwords they may have been able to access via the Under Armour leak.

“We continue to monitor for suspicious activity and to coordinate with law enforcement authorities,” They said.

Under Armour learned of the incident this past Monday and started notifying MyFitnessPal customers on Thursday. They acquired MyFitnessPal in 2015 for $475 million dollars.

/* ]]> */