A massive data breach of the MyFitnessPal app revealed over 150 million user credentials and personal data to cyber hackers. Under Armour Inc. stated that the list of corporates victims of hacking and cyber-attacks last week hurt share prices by almost 4.6%.
Social security numbers, driving license numbers, and credit card and debit data were not part of the stolen credentials, thankfully. However, email addresses, passwords and accounts usernames which were directing linked with accessing MyFitnessPal portal were compromised.
According to a Bloomberg report, Under Armour noticed the data breach earlier last week. Immediately since then, the corporation has taken the necessary measures to inform its MyFitnessPal users through in-app messages and emails. The firm’s stocks, which had increased by around 13 percent earlier to start the new year, fell by as much as 4.6 percent to $15.69 in off-period trading.
“These email addresses are very valuable to hackers and spammers since the attackers would know that active, real users behind these email addresses,” said Kirda Engin, a professor from Boston. “Such stolen data and information are usually advertised and sold to the highest bidder on the dark web,” she added.
Under Armour acquired the MyFitnessPal app for $475 million in 2015. It is a mobile app that provides beneficial nutrition services to millions of people allowing them to track their exercise routine, diet and caloric intake. It became part of Under Armour’s connected fitness division, expounding on the company’s athletic apparel and raised 1.8 percent of the mother’s company’s $5 billion last year in terms of annual revenue.
Information and data directly related to accessing MyFitnessPal portal such as email addresses, account usernames and passwords were stolen in the unfortunate incident.
Massive data breaches are on the rise. This particular breach is the biggest so far this year and among the top five to date globally. Rating on basis of the number of stolen or compromised records, the three billion Yahoo data breach in 2013 still remains the worst of them all, followed by the 500 million Yahoo email accounts hacked in 2014. The others according to LeakedSource, include the 412 million adult-website credentials compromised from FriendFinder Networks Inc., the biggest of its kind in 2016 and the 360 million compromised Myspace accounts in 2016.
Leadership at Under Armour has only admitted to working with data security firms and law enforcement agencies on cyber crimes but has not provided full details of the hack or what exactly transpired—how data was pulled without anyone noticing, let alone anyone being caught, or even how its network was secretly accessed. Data security experts do not believe that such stolen credentials would be useless in the hands of unauthorized parties even though more sensitive credentials were not accessed.
In 2015, according to US federal indictment reports, email address stolen in a similar data breach from JPMorgan Chase where about 83 million accounts were compromised in 2014, were all eventually used by unauthorized parties to boost stock prices on domestic exchanges in the pump-and-pump schemes.
“As we continue to monitor for the suspicious activity and coordinate with data security firms and law enforcement agencies, we advise all MyFitnessPal users to immediately change their accounts passwords,” Under Armour advised as revealed on its company’s website saying it also added that the company was bolstering systems which are developed to prevent such incidents from reoccurring in the future by detecting and blocking illicit access to important information.