150 million user accounts compromised in fitness app breach
Under Armour, the sportswear company announces that its app MyFitness Pal has experienced a data breach that compromised 150 million user accounts. The fitness app comprises a calorie counter and exercise journal, available for free on iOS and Android. Under Armour acquired the app in 2015 when it had 80 million users, that doubled over to 165 million users.
The breach happened sometime in February of this year, however, the company discovered it just recently. Acting instantaneously, the company notified users via email and in-app notifications. The breach has compromised user details such as email, usernames, addresses, and encrypted passwords. MyFitnessPal is urging users to change their passwords immediately. In the coming days, the process will be forced upon them through in-app actions as a remedial measure to control the damage of the breach.
According to Under Armour, a majority of the stolen passwords have been encrypted with “bcrypt”, a hashing algorithm. The algorithm is considered safe, however, it is sometimes prone to implementation error. If applied correctly, the hackers would not be able to see the passwords in plaintext. The algorithm renders passwords almost useless as it demands complex computation and would take centuries to decrypt user passwords.
The breach has not exposed particularly sensitive user data such as credit card or social security numbers, but the scale of the attack has affected the stock of Under Armour and may continue to do so in the coming days. The shares of the company have dropped by four percent. The company is now working with law enforcement agencies and cybersecurity firms to trace the source of the breach.