Pulled an Equifax: Under Armour’s MyFitnessPal was hacked

Data thieves strike again, this time with fitness buffs — last Thursday, Under Armour disclosed that data tied to its fitness app MyFitnessPal was breached, affecting 150m user accounts. The stolen data includes account usernames, email addresses, and scrambled passwords for both the app and its website, sending shares of the athletic apparel maker down […]

Data thieves strike again, this time with fitness buffs — last Thursday, Under Armour disclosed that data tied to its fitness app MyFitnessPal was breached, affecting 150m user accounts.

The stolen data includes account usernames, email addresses, and scrambled passwords for both the app and its website, sending shares of the athletic apparel maker down 3%

Oh yeah, it’s also one of the largest data hacks in history

MFP’s breach is certainly the largest this year, and one of the top 5 ever, based on the number of records compromised (for reference, the Equifax hack affected about 145m accounts).

Larger breaches in the hack hall of fame include 3B Yahoo accounts in 2013, and the credentials of more than 412m users of adult websites run by FriendFinder Networks in 2016. 

So what happens now? 

According to the company, the breach occurred in February, and they began notifying customers at the end of March, 4 days after they were made aware of the hacks — more than companies like Equifax (which took over a month), or Uber (which took over a year) can say.

On the bright side, Under Armour had a system in place to protect goods like addresses, birthdays, and payment info from being scooped — on the not so-bright side, a lot of that can be gleaned from an email account.

Get the 5-minute roundup you’ll actually read in your inbox​

Business and tech news in 5 minutes or less​

Psst

How'd Bezos build a billion dollar empire?

In 1994, Jeff Bezos discovered a shocking stat: Internet usage grew 2,300% per year.

Data shows where markets are headed.

And that’s why we built Trends — to show you up-and-coming market opportunities about to explode. Interested?

[email-submission-form button-text="Join Free" include-trends-opt-in="true" success-url="https://thehustle.co/new-thank-you-v2/" default-source="thehustleco" default-medium="home-exit-popup" default-campaign="home-page" form-id="exit-popup-general" optinmonster-conversion="true"]
<script type="text/javascript"> var onloadCallback = function() { grecaptcha.render('verify-your-humanity', { 'sitekey' : '6LdddrcZAAAAALyttpvOqiwQGwq5BNhgDz4tMQGE' }); }; function getCookieValue(a) { var b = document.cookie.match('(^|[^;]+)\\s*' + a + '\\s*=\\s*([^;]+)'); return b ? atob(decodeURIComponent(b.pop())) : ''; } function getCookie(name) { var cookieArr = document.cookie.split(";"); for(var i = 0; i < cookieArr.length; i++) { var cookiePair = cookieArr[i].split("="); if(name == cookiePair[0].trim()) { return decodeURIComponent(cookiePair[1]); } } return null; } function setHiddenFieldValue(wrappingDiv, searchParams, className, utmName, cookieName, defaultValue) { var el = wrappingDiv.getElementsByClassName(className)[0]; var existingVal = el.getAttribute('value'); if (utmName == 'ref') { var newVal = searchParams.get(utmName) || getCookie(cookieName); } else { var newVal = searchParams.get(utmName) || getCookieValue(cookieName); } if ((existingVal == null || existingVal == '' || existingVal == defaultValue) && (newVal != null && newVal != '')) { el.setAttribute('value', newVal); } } function setHiddenFieldValueFromUtm( wrappingDiv, searchParams, className, utmName, defaultValue ) { var el = wrappingDiv.getElementsByClassName(className)[0]; if (el != null) { var existingVal = el.getAttribute("value"); var newVal = searchParams.get(utmName); if (newVal != null && newVal != "") { el.setAttribute("value", newVal); } } } function initForm() { var wrappingDivs = document.getElementsByClassName('email-submission'); Array.prototype.forEach.call(wrappingDivs,wrappingDiv => { var sp = new URLSearchParams(window.location.search); setHiddenFieldValue(wrappingDiv, sp, 'funnel-source', 'utm_source', 'funnel_source', 'thehustleco'); setHiddenFieldValue(wrappingDiv, sp, 'funnel-campaign', 'utm_campaign', 'funnel_campaign', 'home-page'); setHiddenFieldValue(wrappingDiv, sp, 'funnel-medium', 'utm_medium', 'funnel_medium', 'home-exit-popup'); setHiddenFieldValue(wrappingDiv, sp, 'funnel-referral', 'ref', 'funnel_referral', ''); setHiddenFieldValueFromUtm(wrappingDiv, sp, 'funnel-a', 'a', ''); setHiddenFieldValueFromUtm(wrappingDiv, sp, 'funnel-c', 'c', ''); setHiddenFieldValueFromUtm(wrappingDiv, sp, 'funnel-o', 'o', ''); setHiddenFieldValueFromUtm(wrappingDiv, sp, 'funnel-oc', 'oc', ''); setHiddenFieldValueFromUtm(wrappingDiv, sp, 'funnel-e', 'e', ''); setHiddenFieldValueFromUtm(wrappingDiv, sp, 'funnel-f', 'f', ''); setHiddenFieldValueFromUtm(wrappingDiv, sp, 'funnel-r', 'r', ''); setHiddenFieldValueFromUtm(wrappingDiv, sp, 'funnel-t', 't', ''); setHiddenFieldValueFromUtm(wrappingDiv, sp, 'funnel-s1', 's1', ''); setHiddenFieldValueFromUtm(wrappingDiv, sp, 'funnel-s2', 's2', ''); setHiddenFieldValueFromUtm(wrappingDiv, sp, 'funnel-s3', 's3', ''); setHiddenFieldValueFromUtm(wrappingDiv, sp, 'funnel-s4', 's4', ''); setHiddenFieldValueFromUtm(wrappingDiv, sp, 'funnel-s5', 's5', ''); var error_message = getCookieValue('validate-email-message'); if (error_message && error_message.trim() != '') { var error = wrappingDiv.getElementsByClassName('funnel-error')[0]; var prev_email = getCookieValue('funnel_email'); error_message = prev_email + " is not valid. Please try again"; error.innerHTML = error_message; error.style = ''; } }); if (false) { initCaptchaFormV2(); } } function initCaptchaFormV2() { var v3RecaptchaResponseEl = document.getElementById('recaptcha-response-v3'); v3RecaptchaResponseEl.parentNode.removeChild(v3RecaptchaResponseEl); var wrappingDiv = document.getElementById('email-submission'); var subForm = wrappingDiv.getElementsByClassName('email-submission')[0]; var captchaVersion = document.createElement('input'); captchaVersion.class = 'g-recaptcha hidden-input'; captchaVersion.type = 'hidden'; captchaVersion.name = 'g-recaptcha-response-v2'; captchaVersion.value = 'true'; subForm.appendChild(captchaVersion); var captchaEl = document.createElement('div'); captchaEl.id = 'verify-your-humanity'; subForm.prepend(captchaEl); var captchaApiScriptEl = document.createElement('script'); captchaApiScriptEl.src = 'https://www.recaptcha.net/recaptcha/api.js?onload=onloadCallback&render=explicit'; captchaApiScriptEl.async = true; captchaApiScriptEl.defer = true; document.head.appendChild(captchaApiScriptEl); } window.addEventListener('DOMContentLoaded', (event) => { initForm(); }); if(typeof hp_interval == 'undefined') { var hp_interval = 0; var hp_ts = 0; var hp_try = 0; jQuery(document).ready(function ($) { hp_interval = setInterval(function(){ $('input.hp_ts').val(hp_ts); hp_ts += 1; if(hp_ts >= 180) { clearInterval(hp_interval); } },1000); $('.email-submission:not(.prevent-default)').submit(function (e) { var form = $(this); if(hp_ts < 3 && hp_try < 1) { e.preventDefault(); if (form.find('.email-form-submit-message').length < 1) { form.find('.email-form-wrap').after('<p class="email-form-submit-message" style="padding: 0em 1.5em;">Too fast! Are you a human? Try again please.</p>'); } hp_try += 1; hp_ts = 0; $('input.hp_try').val(hp_try); } }); }); } </script> <div class="email-signup" id=email-submission> <div class="funnel-error" style="display:none;"></div> <form class="email-submission " id="exit-popup-general" action="https://cms.thehustle.co/api/v1/contacts/wordpress_create" method="post" autocomplete="email"> <div class="email-form-wrap"> <input class="funnel-source hidden-input" type="hidden" name="source" value="daily"> <input class="funnel-campaign hidden-input" type="hidden" name="campaign" value="4/02 - RAIN"> <input class="funnel-medium hidden-input" type="hidden" name="medium" value="email"> <input class="funnel-form-id hidden-input" type="hidden" name="form-id" value="exit-popup-general"> <input class="funnel-referral hidden-input" type="hidden" name="referral_code"> <input class="funnel-fail-url hidden-input" type="hidden" name="fail_url" value=""> <input class="funnel-ip-country-wordpress hidden-input" type="hidden" name="ip_country_wordpress" value="US"> <input class="funnel-submission-url hidden-input" type="hidden" name="submission_url" value="https://thehustle.co/myfitnesspal-hacked/?utm_campaign=4%2F02+-+RAIN&utm_content=myfitnesspal-hacked&utm_medium=email&utm_source=daily"> <input class="funnel-a hidden-input" type="hidden" name="a" value=""> <input class="funnel-c hidden-input" type="hidden" name="c" value=""> <input class="funnel-o hidden-input" type="hidden" name="o" value=""> <input class="funnel-oc hidden-input" type="hidden" name="oc" value=""> <input class="funnel-e hidden-input" type="hidden" name="e" value=""> <input class="funnel-f hidden-input" type="hidden" name="f" value=""> <input class="funnel-r hidden-input" type="hidden" name="r" value=""> <input class="funnel-t hidden-input" type="hidden" name="t" value=""> <input class="funnel-s1 hidden-input" type="hidden" name="s1" value=""> <input class="funnel-s2 hidden-input" type="hidden" name="s2" value=""> <input class="funnel-s3 hidden-input" type="hidden" name="s3" value=""> <input class="funnel-s4 hidden-input" type="hidden" name="s4" value=""> <input class="funnel-s5 hidden-input" type="hidden" name="s5" value=""> <input class="funnel-success-url hidden-input" type="hidden" name="success_url" value="https://thehustle.co/new-thank-you-v2/"> <input id="recaptcha-response-v3" class="g-recaptcha hidden-input" type="hidden" name="g-recaptcha-response" value=""> <div class="signup-icon" style="display:none;"> <svg width="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M22 6c0-1.1-.9-2-2-2H4c-1.1 0-2 .9-2 2v12c0 1.1.9 2 2 2h16c1.1 0 2-.9 2-2V6Zm-2 0-8 5-8-5h16Zm0 12H4V8l8 5 8-5v10Z" fill="#848B92"></path></svg> </div> <input type="hidden" name="hp_ts" class="hp_ts" value="0"> <input type="hidden" name="hp_try" class="hp_try" value="0"> <input type="text" name="first_name" placeholder="Enter your name" value=""> <input class="signup-email" type="email" name="email" placeholder="Your email address" required autocomplete="email"> <input class="email-submit om-trigger-conversion" type="submit" value="Join Free"> </div> <div class="validate-mistake-emails-message" style="display:none;"></div> <div class="form-options" style="display:none"> <div class="form-options-wrap"> <div class="trends-opt-in"> <input id="trends_opt_in_email_submission" class="trends-opt-in-checkbox" type="checkbox" name="trends_opt_in"> <label for="trends_opt_in_email_submission" id="trends_opt_in_label" class="trends-opt-in-text">Yes, I’d like to receive additional marketing emails on hot business opportunities from Trends, by the Hustle.</label> </div> <div class="privacy-text"> <p>We're committed to your privacy. The Hustle uses the information you provide to contact you about our relevant content and services. You may unsubscribe from these communications at any time. For more information, check out our <a href="https://thehustle.co/privacy">Privacy Policy</a>.</p> </div> </div> </div> <div submit-success> <template type="amp-mustache"> <p class="c-message c-message--success">Thank you for subscribing.</p> </template> </div> <div submit-error> <template type="amp-mustache"> <p class="c-message c-message--failed">Your submission failed. Please try again!</p> </template> </div> </form> </div>