The hack has exposed the email addresses and passwords of its users who have now been advised.
The popular MyFitnessPal application from Under Armour has experienced a massive mobile app security breach. The hack extended to both mobile users and those using the official website.
The cybersecurity breach occurred in February and revealed usernames, email addresses and passwords.
An estimated 150 million users were affected by the mobile app security failure, said Under Armour. Users who may have been impacted by the breach are in the midst of being advised. Each one is receiving an email. In-app notifications are also used.
The company is making a broad effort to ensure that anyone who may have been affected will know. The communications have been issued along with additional security information. Furthermore, they offer standard online and mobile security recommendations. Under Armour will soon require all users to reset their passwords.
Under Armour first found evidence of the mobile app security problem on March 25, 2018
It since discovered that a third party company had achieved access to about 150 million user accounts. They believe the hack occurred near the end of February. The company launched an immediate investigation into the issue. It determined that the hackers made off with information that had been secured by way of the bcrypt hashing function.
While the third party did manage the cyberattack gathering email addresses, passwords and usernames, it didn’t obtain any government ID. That is, the hackers did not manage to gather Social Security numbers, drivers license data or any other similar information. The reason is that MyFitnessPal doesn’t gather very much personal information from its users.
Moreover, the hackers also did not successfully obtain any payment data in the online and mobile app security breach. Though the firm does collect payment information for mobile commerce transactions, that data is processed separately.
Under Armor released a statement regarding the cybersecurity breach. It stated that it is working alongside data security firms to investigate and overcome the hack. It is also investigating to make sure its other brands were not affected by the data breach.