Cyberthieves hit Under Armour fitness app, affecting 150 million users

By John Adams March 29, 2018, 5:16 p.m. EDT 1 Min Read

Like a crime wave, data leaks and vulnerable static identifiers show no sign of abating, as MyFitnessPal became the latest in a string of sites to have users' data exposed trough usernames and hashed passwords.

Under Armour bag — A pedestrian carries an Under Armour Inc. shopping bag in downtown Chicago, Illinois, U.S., on Monday, Oct. 16, 2017. Under Armour must improve and expand its footwear business to counter constant challenges to its apparel market share from new entrants, most recently Amazon.com. Photographer: Christopher Dilts/Bloomberg

Under Armour, which operates the food and nutrition app, on March 25 became aware of unauthorized access to data associated with user accounts that occurred in late February.

Usernames, email addresses and hashed passwords were accessed, according to a release from UnderArmour, who said 150 million user accounts were affected. While still widely used, static passwords have long been criticized as a authentication method, and calls for replacing static identifiers have increased as data breaches have accelerated over the past few years.

Social Security numbers and driver's license numbers were not affected, nor was payment card data, which is collected and processed separately, the company said in a release.

Four days after learning of the attack, Under Armour began notifying users via email and in-app messaging. Users will be required to change their passwords and are being urged to do so immediately.

Executive Editor, Payments, American Banker

For reprint and licensing requests for this article, click here.

Personally identifiable information

MORE FROM AMERICAN BANKER

Litigation

Appeals court hears CFPB argument for 90% reduction in force

Firing 90% of the Consumer Financial Protection Bureau's staff and stripping it down to "the statutory studs" is lawful, an attorney for the CFPB told an appeals court.

By Kate Berry

May 16
Compensation

Texas credit union's members OK merger with big CEO payout

The merger, which provides for $6.75 million in payments to three Space City Credit Union executives, had drawn criticism. But Space City members approved it by an 82% to 18% margin.

By Kevin Wack

May 16
Industry News

Jennifer Lassiter joins Standard Chartered as head of digital assets, Europe

Standard Chartered Bank hired a new head of digital assets, Europe and Americas; Provident Financial Holdings has a new chief financial officer; Bank of America is opening four branches in Boise, Idaho; and more in this week's banking news roundup.

By Editorial Staff

May 16
Cyber security

Coinbase breach highlights insider threat risks for financial sector

Bribed overseas contractors accessed internal systems, triggering a monthslong breach with costs reaching up to $400 million.

By Carter Pape

May 16
Politics and policy

Conservatives block tax bill, including bank-favored riders

In a dramatic move, conservative hardliners blocked President Donald Trump's tax and spending bill, which would have included many measures favored by banks.

By Claire Williams

May 16
Payments

Global Payments pushes 'command center' to battle rivals

The payment company's restructured Genius point of sale system is designed to cover all types of merchants to keep them away from other processors and fintechs.

By John Adams

May 16