Breach Detection BREACH DETECTION

Under Armour revealed details last week into the biggest breach of 2018, impacting over 150 million of its MyFitnessPal health and wellness users.

MyFitnessPal is a popular fitness tracking app that allows users to track their calorie intake and exercise. It was founded in 2005 and was acquired by Under Armour three years ago.

The intrusion happened in February, but Under Armour did not become aware of the incident until March 25. Hackers made off with usernames, email addresses, and mostly bcrypt-hashed passwords. Some of the passwords compromised were only encrypted using a significantly weaker 160 bit-hashing function, SHA-1.

Fortunately for its users, data like Social Security Numbers and driver’s license numbers are not collected by MyFitnessPal, and banking and credit card information is collected and processed separately.

Under Armour is in the process of notifying all MyFitnessPal users to provide information on how to protect their data, including requiring all users to change their passwords, working with law enforcement to monitor for any suspicious activity, and exploring additional protections to help detect and prevent similar incidents from happening in the future.

Under Armour’s response to the incident has been timely and responsible, but that doesn’t mean they aren’t experiencing the usual side effects of a data breach, namely financial damage. To date, Under Armour stocks have dropped as much as 4.6 percent. This figure is standard for an organization suffering a data breach, that’s at least according to a recent Ponemon study which found that stock prices fall an average of five percent the day a breach is disclosed, and companies experience up to a seven percent customer churn.

While details on exactly how Under Armour was breach are not available yet, it would not come as a shock if this attack was executed by a trusted employee or an external cybercriminal using valid, authorized user credentials.

NNT believes it’s not enough to guard the gate and keep unauthorized users out; instead, there must be a means for monitoring what’s going on within the network as well, regardless if there’s any suspicious activity to be concerned about. As unfortunate as it may seem, organizations must adopt the notion that untrusted actors exist both inside and outside the network and that user behaviour must be monitored to spot any suspicious activity. NNT’s Breach Detection- Host Intrusion Detection tool is a great way to monitor these activities and spot any malicious activity before any serious damage is done.  

 

Read the article on Forbes

 

NNT Products
USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.
Portland
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: 1-888-898-0674
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310
email [email protected]
Connect
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified
Copyright 2018, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.