On Thursday, MyFitnessPal, a fitness and diet tracking app owned by the Under Armour athletic clothing company, reported that 150 million users’ data had been compromised in a massive security breach.
Here’s what you need to know:
- In February, a hacker breached the app’s system and stole the account data of 150 million app users.
- Under Armour claims that the hacker is in possession of users’ email addresses, usernames, and hashed passwords. A hashed password is a user’s password after it has been converted to an unrecognizable string of characters by a certain algorithm. In theory, this should make the information useless to the hacker, because hashing only works in one direction – your password can be turned into a hash, but not the other way around. However, common low-security passwords (like “password123” or “123456789”) can be identified by something called a rainbow table that stores the hashes of commonly used passwords. If the hashes feature no additional protections, this would unlock access to your account.
- Under Armour claims that no financial data was stolen. However, because hashed passwords can sometimes still be decoded, the company is still urging MyFitnessPal users to change their passwords. If you use this app, we suggest you change your password immediately.
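To make the hashing point above concrete, here is an added example (not part of the original article, and not Under Armour's code) showing why an unsalted hash of a common password can be looked up while a salted, slow hash cannot. It assumes SHA-256 as the unsalted scheme and PBKDF2 with a per-user salt as the "additional protection"; the article names neither, the passwords are constructed samples, and the plain lookup table is a simplified stand-in for a rainbow table.

```python
import hashlib, hmac, os

# Constructed sample data: a tiny stand-in for a list of commonly used passwords.
COMMON = ["password123", "123456789", "qwerty", "letmein"]

def unsalted_hash(password: str) -> str:
    """Plain fast hash with no salt (assumed weak storage scheme)."""
    return hashlib.sha256(password.encode()).hexdigest()

# Precomputed hash -> password table, built once and reusable against any leak.
LOOKUP = {unsalted_hash(p): p for p in COMMON}

def recover(stored_hash: str):
    """Return the password if its hash is in the precomputed table, else None."""
    return LOOKUP.get(stored_hash)

def salted_hash(password: str, salt: bytes = None, rounds: int = 200_000):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest

def verify(password: str, salt: bytes, digest: bytes, rounds: int = 200_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)

def demo():
    weak = recover(unsalted_hash("password123"))            # common password
    strong = recover(unsalted_hash("Tr4il-mix&7-lanterns"))  # not in any common list
    salt_a, hash_a = salted_hash("password123")              # two users, same password
    salt_b, hash_b = salted_hash("password123")
    return {
        "weak_recovered": weak,
        "strong_recovered": strong,
        "salted_in_table": hash_a.hex() in LOOKUP,
        "same_password_same_hash": hash_a == hash_b,
        "login_ok": verify("password123", salt_a, hash_a),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The common password comes straight back from the table, the uncommon one does not, and with a salt the same password produces a different stored value for every user, so a precomputed table no longer matches.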
What you can do to protect yourself
- Change your password.
- If you had a weak password, we suggest checking whether there was any financial information linked to your account that the hacker could’ve gained access to.
Unfortunately, since the breach happened on Under Armour’s servers, there isn’t much more that users can do other than mitigate the damage of the attack. However, there are steps you can take to ensure that future attacks like this one are less damaging.
- Learn how to create a strong password. The stronger your password, the less likely it is that a hacker will be able to work out your password from its hash and access your account.
- Watch what you share. Millions of people have found MyFitnessPal to be a valuable tool, but this is a good opportunity to go through all of the apps you have on your devices and ask yourself if you really need them. Each one represents one or more servers somewhere in the world that are storing your sensitive and personal data – and that can be hacked through no fault of your own.