Under Armour announce a data breach of MyFitnessPal user data

The fitness company Under Armour have announced a data breach involving about 150 million users of its MyFitnessPal service.

Details of the breach

In a statement, the company said that on the 25th March MyFitnessPal became aware of a breach that happened in February this year, when an unauthorised party accessed the details of around 150 million users.
The data included usernames, email addresses and passwords, though they believe the majority of passwords were encrypted when stolen.
They state that no payment information was taken in the breach, and no personal information was taken from the user accounts.

Changing your password

We suggest that MFP users change their password immediately. However, that’s not as easy as it should be, and the tools to guarantee security are not available from the MFP site.
To change your password you need to use a computer: the MFP app for some reason does not have the functionality to change password details, and the mobile website is difficult to use because the menu option you require is hidden under a banner that you can’t move. Ironically, the banner is informing you of this very breach!

  • Go to http://www.myfitnesspal.com
  • Log in with your username and password
  • Go to the HOME tab
  • Click on SETTINGS in the blue bar
  • Click on CHANGE PASSWORD in the options and follow the prompts

What you’ll notice is that you are not asked to log back into the website or your mobile app even after changing the password. It appears that the logon token that was created with the stolen username/password remains valid after changing the details.
Also, you’ll notice there’s no way of looking at what sessions your account is logged in from. Someone could have already accessed your account (remember, the actual data breach was in February) and be logged in elsewhere in the world, and changing your password will not kick them out.
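To show what the missing behaviour looks like on the server side, here is an added example (not MyFitnessPal's code, and not from the original article) of a session store that lists a user's active sessions and revokes all of them when the password changes. The class, method names and in-memory storage are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

class AccountStore:
    """Constructed in-memory model: accounts plus server-side session records."""

    def __init__(self):
        self.users = {}     # username -> (salt, password_hash)
        self.sessions = {}  # token -> {"user": ..., "device": ...}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, self._hash(password, salt))

    def login(self, user, password, device):
        salt, stored = self.users.get(user, (b"", b""))
        if not stored or not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": user, "device": device}
        return token

    def whoami(self, token):
        rec = self.sessions.get(token)
        return rec["user"] if rec else None

    def list_sessions(self, user):
        """The view the article says is missing: where the account is logged in."""
        return sorted(r["device"] for r in self.sessions.values() if r["user"] == user)

    def change_password(self, token, new_password, device):
        user = self.whoami(token)
        if user is None:
            return None
        self.register(user, new_password)
        # Revoke every existing session, including ones opened with the old password.
        self.sessions = {t: r for t, r in self.sessions.items() if r["user"] != user}
        # Issue a fresh token only to the device that performed the change.
        return self.login(user, new_password, device)
```

Because sessions are tracked server-side and keyed to the user, a token obtained with the old credentials stops working the moment the password is changed.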

Deleting Your Account

If you’re not happy with letting Under Armour keep your data after this breach, you can close your MFP account and delete your data.

  • Go to http://www.myfitnesspal.com
  • Log in with your username and password
  • Go to the HOME tab
  • Click on SETTINGS in the blue bar
  • Click on DELETE ACCOUNT in the options and follow the prompts