On Thursday, March 29th, 2018, Under Armour Inc announced that back in February, data from some 150 million MyFitnessPal diet and fitness app accounts were compromised, making this one of the biggest hacks in history.
With that, Under Armour Inc went down 3 percent in after-hours trade.
In a statement, Under Armour revealed that the stolen data includes:
- account usernames
- email addresses
- and scrambled passwords
But notes that Social Security numbers, driver license numbers, and payment card data were not compromised.
Due to the number of records compromised, SecurityScorecard rates this breach as the largest data breach this year as well as one of the top five to date.
The 3 billion Yahoo accounts compromised back in 2013 and the 412 million exposed user credentials of adult websites run by California-based FriendFinder Networks Inc in 2016, still go down as the top breaches.
Under Armour did not reveal in the statement of how the hackers got into its network or how they were able to pull data without going unnoticed but has noted that they are working with data security firms and law enforcement.
And while the breach did not include financial data, it did include email addresses which are valuable to cybercriminals.
Example: In 2014, cybercriminals were able to obtain the email addresses of 83 million plus JPMorgan Chase customers. These email addresses were then used in various pump-and-dump schemes. And according to US federal indictments in the case in 2015, these schemes were meant to boost stock prices.
Four days after learning about the breach, Under Armour started to notify users of the breach.
With that, found an alert found on the Under Armour website, MyFitnessPal users were urged/required to change their passwords immediately.
MyFitnessPal was purchased by Under Armour for $475 million in 2015.