Under Armour Says 150 Million MyFitnessPal Accounts Were Hacked

Under Armour said about 150 million user accounts for its MyFitnessPal nutrition tracker were breached earlier this year. From a report: An unauthorized party stole data from the accounts in late February, Under Armour said on Thursday. It became aware of the breach earlier this week and took steps to alert users about the incident, the company said.

PR speak

[rmdingler]

It became aware of the breach earlier this week and took steps to alert users about the incident, the company said.

...took steps to alert users about the incident... sounds a whole lot less definitive, and somewhat shy of reassuring, than saying they "...alerted users about the incident..."

Re:

[supremebob]

Yeah, that's total bullshit. I actually had a MyFitnessPal account at one point, and this is the first I heard of the breach. I didn't even know that Under Armour owned them now!

Re:

[nospam007]

"I received an email from them about it this morning. Seems pretty straightforward to me. If your account was "at one point" do you still check the email used to sign up for it?"

Nobody sane uses a real name or a real email address for services like this.

Re: PR speak

[Brian Beaudoin]

I sure wasnâ(TM)t alerted. Glad I stopped uploading my data to it. I also realized Iâ(TM)ve still got my defunct Facebook account linked to a few services (including Slashdot) so I might as well unlink them while Iâ(TM)m at it.

Re:

[Anonymous Coward]

I used to use the same email and six character password for marginally useful web apps I didn't really care about. I got an email from facebook on Monday saying someone tried to access my account so I updated to a strong lastpass generated password but I was wondering what triggered the alert. It had to have been the myfitnesspal breach. I guess that's a good demonstration on why reusing short passwords is so dangerous. It's trivial these days to go through 150m salted passwords and reverse engineer all

if you assume...

[zlives]

in this particular case you are not the ass.

assume if you have an online account it is or will be hacked. then decide what information to share and if online is worth it.

What If You Distributed Across 10 Systems?

[dryriver]

So you have 150 Million users. That's a lot of people. Distribute them over 10 different systems, each with different OBSTACLES to being hacked in place - i.e. each needs to be hacked in a slightly different way for anyone to get inside. A successful hack of 1 system would mean only 15 Million are exposed at one time. If you detect the hack as it happens, you can quickly take the other 9 systems offline, make changes to security, and so on and so forth, possibly saving 135 Million customers records from exp

Re:

[Lab Rat Jason]

Uh... how about just distribute the accounts to the devices... all 150 million of them. Not everything needs to be connected these days.

Re:

[fedos]

Because you don't just use it from a single device,

Re:

[WankerWeasel]

Have fun setting up and managing 10 different systems. Enjoy having to bloat your app to be able to know how to work with 10 different systems rather than 1. Have a great time with different bugs across different systems. There's a reason companies don't do this.

unacceptable!

[supernova87a]

Great, now Russian operatives know how many times I can squat 75 pounds before needing to treat myself to 3 cookies.

Re:

[dryriver]

42 times. You eat 4, not 3 cookies afterwards. And you wear underwear that is too tight when you squat. Na Zdorovie! =)

Re:

[dryriver]

In Kardashian America, ANYONE working out in a pink thong IS a celebrity. If you really were Russian Intelligence, you would know that. You are Greek Intelligence posing as Russian Intelligence. You also have some Feta cheese in your mustache and a badly smudged lens on your webcam.

Re: unacceptable!

[Type44Q]

6cm

Taint that much.

150M accounts?

[Khashishi]

How do they even have 150M accounts? Do 2% of people on Earth have MyFitnessPal accounts?

Re:

[dryriver]

Russian intelligence set up 133 Million fake MyFitnessPal accounts, so it could syphon Billions out of the U.S. economy. Except of course that the guy who filled in "Field Action Request Form 47-P-154-X-110-U-A-4" typed MyFitnessPal on the mechanical typewriter, rather than PayPal. Putin had him punished by having him thrown out of a plane over the Baltic, with a Sodomov A-47 mechanical fitness tracker shoved up his r*ctum.

Re:

[arth1]

How do they even have 150M accounts? Do 2% of people on Earth have MyFitnessPal accounts?

Some probably have more than one account (forgot and created a new one, or wanted to start over fresh), but that number doesn't seem all that high.

Mostly Americans too, I wager. These days, many health insurance companies and employees offer "incentives"[*] where you have to have a step tracker hooked up to their system. They often add support for catching data from some the more popular fitness tracking sites like Strava and MyFitnessPal. But Strava is really mostly for runners, so the average insurance

Re:

[Stud McPeckChest]

How do they even have 150M accounts?

Under Armour seems to have purchased a whole herd of fitness sites and brought them together under them. I noticed that MFP, a cycling site and a running site I use (not with great results but I use them) all came under their control within the past few years. I also noticed a lot of overlap between the sites after the acquisitions so I am guessing that breaking into one system gave them access to everything. I actually kind of liked the homogeneity after the merges but

Re:

[account_deleted]

Comment removed based on user account deletion

H4X0rz plan backfires

[Provocateur]

Damn, said the hacker. She's gonna know about my intimate apparel, AND my heart rate/stamina.
 
Next up:Victoria's Secret Mwahahahaha. The plot sickens; but you have to admire the equal-opportunity h4x0rz

so what

[AndyKron]

If I was a security guard and people came in and stole a lot of stuff I would be fired. Who's getting fired here?

Re:

[arth1]

If I was a security guard and people came in and stole a lot of stuff I would be fired. Who's getting fired here?

Probably sysadmins who repeatedly said that they had bad security and that changes were needed. Certainly not management who overrode their concerns because corporate security scanning software said everything was fine.