According to the news report by Reuters, Under Armour Inc. revealed that data from about 150 million accounts of the company’s diet and fitness app, MyFitnessPal, had been compromised in February this year. This hack is one of the biggest in history and it pushed the company’s shares down by 3% in after-hours trading.
According to Under Armour, the data that was stolen includes user names, e-mail IDs as well as scrambled passwords for both the MyFitnessPal website and mobile app. The good news was that Social Security numbers, payment card details as well as driver license details were not compromised in this hack, said the company, as these details are collected and processed separately. It does not seem like any biometric data was compromised by this breach in the company’s security.
According to data from SecurityScorecard, a firm that assesses cyber-security strength of third party vendors, this hack is the largest theft in 2018, and is also one of the top five hacks ever.
Two of the biggest hacks in history took place in 2013 and 2016. In 2013, more than 3 billion Yahoo accounts were hacked. Then, in 2016, credentials of more than 412 million users of adult websites operated by FriendFinder Networks Inc. were compromised.
While Under Armour stated that it was cooperating with law enforcement teams as well as data security companies to resolve this issue, it did not answer the key question of how the hackers were able to access its network. The company also did not give details as to how the hackers were able to pull out all that data without alerting anyone or getting caught in the act.
While credit card and other financial details hadn’t been taken, it doesn’t mean that the data stolen could not be used for nefarious activities. For example, email addresses stolen in a 2014 hack-attack on about 83 million JP Morgan Chase customers was found to be used in a pump-and-dump scheme to artificially boost stock prices.
According to Engin Kirda, a professor from Northeastern University, Boston, the dark web is usually the place where such email addresses are sold to the highest bidder.
Under Armour put out an alert on its website, stating that it required all its MyFitnessPal users to change their passwords as soon as possible. The company stated that it was monitoring for any kind of suspicious activity and was actively working with the law to ensure nothing further happened.
The company also stated that is was beefing up its security systems that detected and prevented unauthorized access to their users’ information. The company said that it started contacting the users of MyFitnessPal four days after the security breach was discovered via in-app messages as well as email.
MyFitnessPal is a mobile app that allows people to track their calorie intake, exercise routines as well as diet. The company bought this app in 2015 for $475 million, as a part of its bid to become the world largest tracker of information related to fitness.
This was to be an expansion of the company’s roots in athletic apparel as well as accessories. The app is a part of Under Armour’s connected fitness division, which contributed 1.8% to the company’s revenue of $5 billion last year.
Under Armour’s revelation comes just one day after Boeing Co. announced that it was the victim of a cyberattack. However, luckily, the company stated that only a small number of systems had been affected by a malicious software and the damage was minimal and under control.