UPDATED 22:24 EDT / MARCH 29 2018

INFRA

Under Armour fitness tracking app hacked and 150M customer records stolen

Sports apparel maker Under Armour Inc. revealed Thursday that its MyFitnessPal service had been hacked with the account details of 150 million users being stolen.

MyFitnessPal is a smartphone app and website offered by the company that tracks diet and exercise to determine optimal caloric intake and nutrients for the users’ goals, using gamification elements to motivate users.

How the hack took place was not disclosed. Under Armour said in a statement only that “an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018” and that it immediately moved to shut down the data breach.

Account data stolen is said to include usernames, email addresses and “hashed” or scrambled passwords. The majority of passwords were hashed by bcrypt, an encryption standard that is more difficult to crack than other forms of encryption but not impossible.

The data stolen did not include government-issued identifiers such as Social Security numbers and driver’s license numbers, since Under Armour said it doesn’t collect those details from users. Credit card information is said to have been stored on a different server and wasn’t affected.

“While there aren’t many details yet, as with most breaches, it points to a lack of proper security hygiene, specifically around protecting user data,” Mike Kail, chief technology officer at CYBRIC Inc., told SiliconANGLE.

Despite Under Armour saying it contacted affected users, Kail noted that his wife, who uses the app, has not. That, he said, suggests that “it’s likely Under Armour does not yet have a precise handle on the severity of the situation,” and he expects more information to emerge over the next 24 hours.

“Unfortunately, until we see organizations adopt a more proactive approach to security, including establishing a process for continuously monitoring which applications might have vulnerabilities, we’ll continue to be made aware of similar instances,” Kail added.

News of the hack drove Under Armour’s stock price down. CNBC reported that it dropped as much as 3.8 percent before recovering slightly Thursday.

Image: Under Armour

Since you’re here …

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

Cookies

We employ the use of cookies. Find out more.