Under Armour revealed details last week into the biggest breach of 2018, impacting over 150 million of its MyFitnessPal health and wellness users.

MyFitnessPal is a popular fitness tracking app that allows users to track their calorie intake and exercise. It was founded in 2005 and was acquired by Under Armour three years ago.

The intrusion happened in February, but Under Armour did not become aware of the incident until March 25. Hackers made off with usernames, email addresses, and mostly bcrypt-hashed passwords. Some of the passwords compromised were only encrypted using a significantly weaker 160 bit-hashing function, SHA-1.

Fortunately for its users, data like Social Security Numbers and driver’s license numbers are not collected by MyFitnessPal, and banking and credit card information is collected and processed separately.

Under Armour is in the process of notifying all MyFitnessPal users to provide information on how to protect their data, including requiring all users to change their passwords, working with law enforcement to monitor for any suspicious activity, and exploring additional protections to help detect and prevent similar incidents from happening in the future.

Under Armour’s response to the incident has been timely and responsible, but that doesn’t mean they aren’t experiencing the usual side effects of a data breach, namely financial damage. To date, Under Armour stocks have dropped as much as 4.6 percent. This figure is standard for an organization suffering a data breach, that’s at least according to a recent Ponemon study which found that stock prices fall an average of five percent the day a breach is disclosed, and companies experience up to a seven percent customer churn.

While details on exactly how Under Armour was breach are not available yet, it would not come as a shock if this attack was executed by a trusted employee or an external cybercriminal using valid, authorized user credentials.

NNT believes it’s not enough to guard the gate and keep unauthorized users out; instead, there must be a means for monitoring what’s going on within the network as well, regardless if there’s any suspicious activity to be concerned about. As unfortunate as it may seem, organizations must adopt the notion that untrusted actors exist both inside and outside the network and that user behaviour must be monitored to spot any suspicious activity. NNT’s Breach Detection- Host Intrusion Detection tool is a great way to monitor these activities and spot any malicious activity before any serious damage is done.  


Read the article on Forbes


The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.