Categories: Data BreachData Security

MyFitnessPal Under Armour Data Breach

Under Armour announce a data breach of MyFitnessPal user data

The fitness company Under Armour have announced a data breach involving about 150 million users of it’s MyFitnessPal service

Details of the breach

In a statement the company said that on the 25th March, MyFitnessPal became aware of a breach that happened in February this year when an unauthorised party accessed the details of around 150 million users.
The data included usernames, email addresses and passwords, though they believe the majority of passwords were encrypted when stolen.
They state that no payment information was taken in the breach, and no personal information was taken from the user accounts.

Changing your password

We suggest that MFP users change their password immediately, however that’s not as easy as it should be, and the tools to guarantee security are not available from the MFP site.
But, to change your password (You need to do this on a computer, the MFP app for some reason does not have the functionality to change password details, and using the mobile website is difficult as the menu option you require is hidden under a banner that you can’t move, ironically the banner is informing you of this very breach!)

  • Go to http://www.myfitnesspal.com
  • Log in with your username and password
  • Go to the HOME tab
  • Click on SETTINGS in the blue bar
  • Click on CHANGE PASSWORD in the options and follow the prompts

What you’ll notice is that you are not asked to log back into the website or your mobile app even after changing the password, it appears that the logon token that was created with the stolen username/password remains valid after change the details.
Also, you’ll notice there’s no way of looking at what sessions your account is logged in from, so someone could have already accessed your account (remember, the actual data breach was in February) and be logged in elsewhere in the world and you changing your password will not kick them out.

Deleting Your Account

If you’re not happy with letting Under Armour keep your data after this breach, you can close your MFP account and delete your data.

  • Go to http://www.myfitnesspal.com
  • Log in with your username and password
  • Go to the HOME tab
  • Click on SETTINGS in the blue bar
  • Click on DELETE ACCOUNT in the options and follow the prompts
        <a href="mailto:it@tinsleynet.co.uk" role="button">
                    it@tinsleynet.co.uk
                </a>
        <a href="tel:+447825650122" role="button">
                    07825 650122
                </a>
        <a href="/contact" role="button">
                    Contact Us
                </a>
Share
Leave a Comment
Leave a Comment
Tags: data breachData SecurityMFPUnder Armour
7 years ago