A recent attack against Under Armour’s virtual health and wellness application, MyFitnessPal, compromised over 150 million accounts. The disclosed data includes names, email addresses and bcrypt-hashed passwords.
Details are still emerging about how the attack occurred and what exploits may have been used, but it has already been dubbed the largest data breach of 2018.
The event occurred in early February but, like many intrusions, the breach was not identified until some time later: March 25th, as reported by Under Armour. Many people feared that personal information such as Social Security numbers or driver's license numbers had been compromised, but fortunately the MyFitnessPal app does not collect this information. It also does not collect payment card data, which is collected and processed separately.
“This event, like similar ones where credit-card data is not taken in a breach, demonstrates the value of enforcing security requirements,” John Gunn, CMO at VASCO Data Security, said via email. “If businesses applied the Payment Card Industry Data Security Standards (PCI DSS) to all data and not just credit-card information, you would see a lot less personal information, such as user names, email addresses and passwords, getting into the hands of hackers.”
MyFitnessPal released the details as soon as it became aware of the breach. The notice includes steps users can take, mainly a requirement to change their passwords, as well as the steps the company is taking to address the breach.
All of us at Your Digital Mind encourage users to be mindful that, now that the breach has occurred, the real attacks will be happening in the near future. These include social engineering and phishing attacks that may come in social media posts, messages or emails that ‘appear’ to come from Under Armour or MyFitnessPal.
We also recommend that if you are using a password for MyFitnessPal that you also use on any other website, especially a financial institution or similar site, you change ALL of those passwords and make them as strong as possible.