Under Armour notified its users about a major security breach that compromised 150 million accounts of MyFitnessPal. It is a smartphone app available for iOS and Android users and tracks diet and exercise and notifies users about the calorie intake and nutrients. Reportedly Under Armour acquired MyFitnessPal for $475 in 2015 when it has 80 million users. The data breach includes the user’s account information that features usernames, hashed passwords, and email addresses. The breach reportedly took place in February. Recently we have come across Slingshot malware that attacked user’s routers and remained undetected for six years.
As soon as the company learned of the breach, it started notifying users via both emails and in-app notifications. According to Under Armour, most of the stolen passwords are encrypted ones with a hashing algorithm called bcrypt. Although considered safe, these passwords have implementation errors. So, even if the hackers gain access to these passwords they cannot decrypt to access the plain text. In general, the bcrypt is slow and computationally demanding and hence takes centuries to decrypt the user passwords.
Also Read: Trash Robot allows you collect garbage from the river via internet
MyFitnessPal says it is working with the leading security firms to fix the issue. It elaborated the steps it took to protect the community which includes notifying users to provide information on how to protect the data and continue to make enhancements to their systems to prevent unauthorized access to user information. MyFitnessPal also asked its users to immediately change their passwords. The data breach has a significant impact on the Under Armour’s stocks which dropped significantly almost 4 percent.