The sports firm reported that the data breach happened through its MyFitnessPal program. The company bought the platform in 2015. It also noted that the attack happened during the last few days of February 2018. The attackers managed to take the personal details of users of the Under Armour fitness program.
The company, which is based in Baltimore, Maryland, said that for the moment it could not pinpoint who had taken the data. However, it did confirm that the data at risk included people’s usernames and passwords. The statement added that email addresses were also taken, and that the passwords were stored as bcrypt hashes.
Fortunately, the hackers did not get away with other sensitive information such as Social Security numbers. Other government-issued identifiers such as driver’s license numbers were also safe, the company confirmed. The company processes the financial data of its clients separately, so that data was not affected.
MyFitnessPal is an app available for free on smartphones that allows easy tracking of users’ goals. The app can track the diet, nutrition and calorie intake of the user. It uses the data registered in it to calculate how much the user needs to eat in calorie terms. The company responsible for the app was bought by Under Armour in February 2015 for $475 million.
The company has been actively notifying its members through the app and by email, urging them to change their details. It has also involved law enforcement authorities to help with the investigation.
Many analysts weighed in on the recent hack, including Engin Kirda, the co-founder and Chief Architect at Lastline. With various questions lingering on people’s minds, including how important the stolen data is, Professor Kirda answered a few of them.
Since the hackers got away with usernames, passwords, and email addresses, people wanted to know what use this data was to them. Kirda noted that this kind of information might not involve financial data, but it was still valuable to the hackers. The attackers now have the chance to attempt brute-force logins on any platform using the stolen data. The email addresses will also be used for spamming, since many of them belong to active users.
He added that if the hackers looked to sell the data, they would have a ready-made market on the dark web. There, the highest bidder will probably get the data, and only they will know what they will use it for. He also likened the Under Armour hack to the Sony hack, which happened a few years ago.