MyFitnessPal hacked, 150 million user accounts compromised

American manufacturer of sports gear, Urban Armour, announced that 150 million MyFitnessPal accounts were breached following the largest cyber incident to take place so far this year. Although the nutrition application fell victim to a data breach in late Frebruary 2018, it was only detected this week and users started receiving notification emails four days later.

DevOps Connect:DevSecOps @ RSAC 2022

Hackers did not have access to sensitive data such as government issued identification information, Social Security numbers, driver’s license numbers or payment card data, as this was processed separately, Under Armour stated. The only data that may have been affected are emails, user names and hashed passwords.

“We continue to monitor for suspicious activity and to coordinate with law enforcement authorities,” the company said. Urban Armour is working with law enforcement to detect how hackers infiltrated the network and how the data was stolen.

Following the attack, company shares dropped 4 percent.

In the meantime, because emails and passwords are very valuable to hackers, the company urges all users update their passwords as soon as possible.

“Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging. The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information,” Under Armour said in a statement. “The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.”

MyFitnessPal was purchased by Urban Armour for $475 million in 2015 when it had 80 million users. The application not only monitors nutrition and fitness activity, but it can also be linked to other accounts such as Fitbit, to monitor calories lost during exercise, RunKeeper, Paer Pedometer and Polar Flow, among others.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Luana Pascu. Read the original post at: