Under Armour MyFitnessPal suffers data breach, becomes MyFitnessFoe
Geting in shape can be very hard. Not only do you need the means to get fit -- education on what to eat, for instance -- but you also need time. Sadly, so many people put in long hours at work -- sometimes toiling away at two or more jobs -- that finding time (and energy) to exercise can be a near-impossibility. Luckily, technology can help with these deficiencies, as software can educate, while hardware -- such as wearables -- can (potentially) motivate and track progress.
While technology can be good, it can also be vulnerable, leading to stolen user data. Under Armour's 'MyFitnessPal' is the latest platform to experience a security breach. If you aren't familiar with it, Under Armour calls it a "Free calorie counter, diet, and exercise journal." Unfortunately, hackers have made off with the data of 150 million users. I guess you could say MyFitnessPal has become MyFitnessFoe!
Under Armour issues the following statement.
On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018. The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident
Under Armour is working with leading data security firms to assist in its investigation, and also coordinating with law enforcement authorities. The investigation indicates that the affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords.
The affected data did not include government-issued identifiers (such as Social Security numbers and driver's license numbers), which the company does not collect from users. Payment card data was also not affected because it is collected and processed separately. The company's investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue.
Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging. The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information. The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.
Under Armour began notifying its users today, a mere four days after the breach. While you may wonder why the company did not alert people sooner, remember folks, the investigation takes time. Doing due diligence and collecting facts before reaching out to customers is the right move -- you don't want to panic and share wrong for misleading information.
Ultimately, the data stolen isn't the end of the world. Yeah, it sucks that nefarious people could have your username and email address, but at least the passwords are hashed. Still, it is probably a best practice to change your password at any other site where you re-used the impacted password. True, you shouldn't be re-using passwords in the first place, but let's be honest, people do -- a fact that must be considered.
Are you impacted by this security breach? Please tell me your experience in the below comments.