Endpoint //

Privacy

3/30/2018
12:08 PM
50%
50%

Under Armour App Breach Exposes 150 Million Records

A breach in a database for MyFitnessPal exposes information on 150 million users.

Tracking your fitness goals is good for you. It can be worrying, though, if the information from your fitness tracker is exposed to criminals. That's the state some fitness buffs find themselves in after a breach of 150 million user accounts from the MyFitnessPal app from Under Armour.

The company has said that they have seen no evidence that any accounts have been logged into by an unauthorized user or that any illicit login attempts have been made. In an email to those affected they suggest that all MyFitnessPal users immediately change their passwords, a step that will ultimately be required for all users.

According to a statement from the company, on Feb. 25 Under Armour became aware that someone had gained access to the file in February, with the ability to see usernames, email addresses, and hashed passwords for the users. Under Armour stated that no Social Security numbers were seen because they don't collect them, and no credit card numbers were stolen because that information is stored in a different system.

Under Armour says that they do not know the hacker's identity, though they are continuing to work with law enforcement agencies on the investigation.

For more, read here and here.

Interop ITX 2018

Join Dark Reading LIVE for an intensive Security Pro Summit at Interop IT X and learn from the industry’s most knowledgeable IT security experts. Check out the agenda here.Register with Promo Code DR200 and save $200.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Oh, No, Not Another Security Product
Paul Stokes, Founder & CEO of Prevalent AI,  8/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-13106
PUBLISHED: 2018-08-15
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13107
PUBLISHED: 2018-08-15
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13108
PUBLISHED: 2018-08-15
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13100
PUBLISHED: 2018-08-15
DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13101
PUBLISHED: 2018-08-15
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.