It's the data security news you never want to hear: 150 million MyFitnessPal user accounts have been hacked, says Under Armour, in a massive breach of the health tracking service. At the beginning of this year, someone broke into the company's systems and took usernames, email addresses, and more. Here are the answers to the five big questions you probably have, and what you should do next if you think you are affected by the MyFitnessPal breach.
So what happened?
A lot of it, MyFitnessPal still isn't sure about. The company said it had become aware of a breach of its database on March 25, 2018. The breach itself took place in February 2018. "We do not know the identity of the unauthorized party," MyFitnessPal admits. "Our investigation into this matter is still ongoing."
The company is now working with data security companies and law enforcement agencies to investigate the breach. In the meantime, however, there is a risk of phishing attempts and attempts to gain unauthorized access to other services using stolen data.
What information was retrieved?
There is good and bad news when it comes to the stolen data. On the one hand, the affected information included MyFitnessPal usernames, the associated email addresses and the hashed passwords. The good news, however, is that
Although the usernames and email addresses were easier to see, the passwords went through a process known as "hashing" to protect them. MyFitnessPal used a system called bcrypt, which effectively takes the password that each user has set and converts it into a different string of data. The idea is that the converted version cannot be reversed back to the original.
If the passwords were hashed, what's the risk?
If MyFitnessPal had kept the passwords in clear text, that would have been a big mistake: anyone with the stolen data would have the keys to a large number of accounts. But even with only e-mail addresses and usernames it is possible to cause serious damage. For this reason, MyFitnessPal users should be wary of possible phishing attacks.
Knowing that you are a user of the Under Armour service, as well as your email and username, a hacker could put together a reasonably convincing message that looked like it came from MyFitnessPal. In fact, the public attention this hack is getting means that people are likely to be looking out for MyFitnessPal emails and to open, read, and click on the links or attachments they contain. This could lead to further data theft if unofficial third parties ask for more personal information such as credit card numbers or SSNs, or to malware or spyware being installed on their computers.
MyFitnessPal has already said that there are no links or attachments in the emails it sends about the hack. They also do not ask for personal information. "If the email you received on this issue asks you to download an attachment or asks for information," the company says, "the email was not sent by MyFitnessPal and may be an attempt to steal your personal information."
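The rule stated above (a genuine notice carries no links or attachments and asks for no personal information) can be checked mechanically on a raw message. This Python example is added here and is not code from MyFitnessPal or the original article; the function name, the keyword patterns and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Heuristic patterns: assumptions for this example, not an official list.
LINK_RE = re.compile(r"(?:https?://|www\.)\S+|<a\s[^>]*href", re.IGNORECASE)
PII_RE = re.compile(
    r"credit\s*card|card\s*number|social\s*security|\bSSN\b"
    r"|(?:confirm|verify|enter|provide)\s+your\s+(?:password|account)",
    re.IGNORECASE,
)

def breach_notice_red_flags(raw):
    """Return the sorted reasons a claimed breach notice breaks the stated rules."""
    flags = set()
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue  # containers hold no content of their own
        if part.get_content_disposition() == "attachment" or part.get_filename():
            flags.add("attachment")
            continue
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True) or b""
        text = body.decode(part.get_content_charset() or "utf-8", "replace")
        if LINK_RE.search(text):
            flags.add("link")
        if PII_RE.search(text):
            flags.add("asks for personal information")
    return sorted(flags)

# Constructed sample: plain notice with no links, attachments or requests.
CLEAN_SAMPLE = """\
From: notice@example.com
Subject: Notice of data breach
Content-Type: text/plain; charset=utf-8

We recommend changing your password from the app settings.
"""

# Constructed sample: link, request for card details, and an attachment.
SUSPICIOUS_SAMPLE = """\
MIME-Version: 1.0
Subject: Notice of data breach
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

Verify your account at http://example.invalid/login and enter your credit card number.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.zip"

AAAA
--b1--
"""
```

An empty result does not prove a message is genuine; it only means none of these three rules was broken.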
I have never logged in to MyFitnessPal, am I at risk?
Making the situation a little more complex is the fact that you may not have realized that you were creating an account at MyFitnessPal. The Under Armour service works with a number of different fitness wearables from different manufacturers. These include Fitbit, Garmin and more.
What should I do next?
At the top of your to-do list should be changing your MyFitnessPal password. You can do this by logging in to the desktop site with your username and password, clicking the My Home tab, then Settings, then Change Password. Strong passwords use letters, numbers, and symbols, but avoid personal information and common words.
As with any security breach like this, the bigger risk is that you use the same username and password for multiple sites and services. If so, take the time to go through them and change other passwords if necessary. This is probably a good opportunity to use a password manager like Keeper, 1Password or LastPass.