[BreachExchange] Under Armour breach exposes the personal data of 150 million people

Audrey McNeil audrey at riskbasedsecurity.com
Fri Mar 30 14:09:14 EDT 2018


https://mashable.com/2018/03/29/under-armour-app-hack/

Under Armour's digital security is out of shape.

The athletic apparel company today announced a massive data breach
affecting at least 150 million users of its food and nutrition app
MyFitnessPal.

"On March 25, the MyFitnessPal team became aware that an unauthorized party
acquired data associated with MyFitnessPal user accounts in late February
2018," reads a press release detailing the breach. "The investigation
indicates that the affected information included usernames, email
addresses, and hashed passwords - the majority with the hashing function
called bcrypt used to secure passwords."

The fact that the passwords were hashed is good news to those affected, as
it suggests that their accounts may not have been immediately compromised
following the breach. Still, anyone who has used the MyFitnessPal should
absolutely change their password — a recommendation that Under Armour is
making as well.

There is one other bit of good news: It looks like social security numbers
and credit cards were not stolen in the digital heist.

"The affected data did not include government-issued identifiers (such as
Social Security numbers and driver's license numbers), which the company
does not collect from users," explained the press release. "Payment card
data was also not affected because it is collected and processed
separately."

At present, the company says it is unaware of who may have stolen this
data.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180330/5240866d/attachment.html>


More information about the BreachExchange mailing list