Category: Data Breach

MyFitnessPal Data Stolen

Sportswear brand Under Armour announced that its subsidiary MyFitnessPal suffered a significant data beach, compromising up to 150 million accounts.

The account information involved includes user names, email addresses and hashed passwords, but no financial information such as credit card numbers or identifiers such as social security numbers.

The breach has not exposed particularly sensitive user data, but it does affect a huge number of users and this has caused Under Armour’s stock to drop 4 percent. The breach occurred in February but was only identified in March. The company has been working to notify affected users and is expected to work with the police and data security firms to trace the source of the breach.

“Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging. The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information,” Under Armour said in a statement. “The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.”

In this case, the data storage was robust and the hackers have 150 million email addresses to sell but there’s little else they can do with the data.

If you are a registered user of MyFitnessPal – change your password immediately and if any of your other accounts have the same login and password then change them as well as hackers will try to find other accounts in your name.

Users of MyFitnessPal should be wary of emails in the coming weeks as there are likely to be scam messages and in particular may be messages that appear to be from MyFitnessPal but are from scammers.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

UBER Data Breach

UBER continues to be in the News for the wrong reasons – licensing issues, working conditions and pay for the drivers and data security.

But, are UBER maintaining customer data and driver data securely?

UBER suffered a huge data breach in 2016. The records of 57 million customers and drivers  were accessed by a hacker.

Uber only publicly disclosed the existence of the data breach in November 2017 close to a year after learning that hackers had infiltrated their systems.

The Uber Business

Between 2009 and 2016, UBER received around $11.5 billion in venture capital and private equity investment. It operates in 83 countries and 674 cities. UBER’s gross revenue in 2016 is reported to be about $20 billion.

UBER has 160,000 active drivers of which 14% are female. The drivers earn an average of $364 per month.

Uber’s Response

Uber said that of the 57 million people’s records accessed, about 2.7 million are British although it cannot be sure as it doesn’t always know the home country of its customers. Uber has about 5 million Britons on its systems.

For UK users, Uber stated that the affected data is names, mobile phone numbers and email addresses. The experts hired by Uber to investigate the data breach did not believe customers’ financial details were leaked.

However, its use may make other scams, such as bogus emails or calls appear more credible. People should continue to be vigilant and follow the advice from the National Cyber Security Centre (NCSC).

Uber says it is waiting for technical reports which should give full confirmation of the figures and the type of personal data that has been compromised.

Uber say “We are continuing to work with the NCSC plus other relevant authorities in the UK and overseas to ensure the data protection interests of UK citizens are upheld.”. The UK’s data protection commissioner expects Uber to alert affected users as it gets more information.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

Fightback Ninja Signature