MyFitnessPal is a smartphone app that tracks users' caloric and macro intake. It used to be a standalone app; however, in 2015 it was purchased by Under Armour for $475 million.
The hackers came away with the usernames, email addresses, and passwords of 150 million users. Fortunately, they were only able to access the passwords in hashed form. Therefore, it is unlikely they will be able to do anything with them. Nevertheless, MyFitnessPal notified all users of the breach and is requiring the affected accounts to change their passwords.
The following email was sent to all users:
According to British tech website ITPro, “The hack is the third-biggest breach in history when measured by volume of affected accounts. Over 3 billion accounts were compromised by two record-shattering Yahoo breaches in 2013 and 2014, while 412 million users were hit by the breach of AdultFriendFinder and other sites under the FriendFinder Networks banner.”
Matthew Green, a cryptographer at Johns Hopkins University, believes the hack likely came from a transition between the secure bcrypt hashing system and the more vulnerable SHA-1 hashing system. The difference between the two algorithms comes primarily from their hashing speed. Bcrypt takes a long time to hash, and therefore uses a lot of computing power to do so, which makes every password guess against a stolen hash expensive. SHA-1, by contrast, is a much faster hash, yet not as effective at protecting passwords. As a general rule of thumb, the slower the hashing process is, the safer the stored passwords will be.
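The speed gap described above, measured, together with one common way to move accounts off a fast hash by re-hashing at login. This is an added example, not code from MyFitnessPal or Under Armour. bcrypt is not in the Python standard library, so PBKDF2-HMAC-SHA256 stands in as the slow hash; the iteration count, record format, function names and sample password are assumptions.

```python
from __future__ import annotations
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example

def sha1_hash(password: str) -> str:
    """Legacy scheme: a single fast, unsalted SHA-1 pass."""
    return hashlib.sha1(password.encode()).hexdigest()

def slow_hash(password: str, salt: bytes | None = None) -> str:
    """Slow, salted scheme (PBKDF2 standing in for bcrypt)."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2${salt.hex()}${dk.hex()}"

def verify_and_upgrade(password: str, stored: str) -> tuple[bool, str]:
    """Check a login and return (ok, record to store afterwards)."""
    if stored.startswith("pbkdf2$"):
        salt = bytes.fromhex(stored.split("$")[1])
        ok = hmac.compare_digest(slow_hash(password, salt), stored)
        return ok, stored
    # Legacy SHA-1 record: verify it, then replace it with the slow hash.
    ok = hmac.compare_digest(sha1_hash(password), stored)
    return ok, (slow_hash(password) if ok else stored)

def seconds_per_hash(fn, rounds: int) -> float:
    """Average wall-clock cost of one hash, i.e. of one password guess."""
    start = time.perf_counter()
    for i in range(rounds):
        fn(f"guess-{i}")
    return (time.perf_counter() - start) / rounds

if __name__ == "__main__":
    fast = seconds_per_hash(sha1_hash, 20_000)
    slow = seconds_per_hash(slow_hash, 5)
    print(f"SHA-1:  {1 / fast:,.0f} hashes per second")
    print(f"PBKDF2: {1 / slow:,.1f} hashes per second")
    print(f"Work per guess is about {slow / fast:,.0f}x higher with the slow hash")
    legacy = sha1_hash("correct horse")  # constructed sample record
    ok, upgraded = verify_and_upgrade("correct horse", legacy)
    print("login ok:", ok, "| new record:", upgraded[:24] + "...")
```

Accounts that never log in keep their SHA-1 record under this approach, so a breach during the migration window can expose both kinds of hash.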