Under Armour Inc., joining a growing list of corporate victims of hacker attacks, said about 150 million user accounts tied to its MyFitnessPal nutrition-tracking app were breached earlier this year.
An unauthorized party stole data from the accounts in late February, Under Armour said on Thursday. It became aware of the breach earlier this week and took steps to alert users about the incident, the company said.
Shares of Under Armour fell as much as 4.6% to $15.59 in late trading following the announcement. The stock had been up 13% this year through Thursday's close.
The data didn't include payment-card information or government-issued identifiers, including Social Security numbers and driver's license numbers. Still, user names, email addresses and password data were taken. And the sheer scope of the attack — affecting a user base that's bigger than the population of Japan — would make it one of the larger breaches on record.
“Email addresses are valuable for spammers because the attackers would know that active, real users are behind these addresses,” said Engin Kirda, a professor at Northeastern University in Boston. “The dark web is usually where data like this is sold to the highest bidder.”
Boeing Breach
Under Armour's announcement comes a day after Boeing Co. said it was hit by a cyberattack. In that case, malicious software affected “a small number of systems,” the airplane manufacturer said on Wednesday.
The MyFitnessPal mobile app lets people track their calorie intake, diet and exercise routines. Under Armour agreed to buy the software in 2015, part of a bid to become the world's biggest tracker of fitness information. The idea was to expand upon the company's roots in athletic apparel and accessories.
Now the Baltimore-based company is grappling with the downside of owning a data-centric business. Under Armour has enlisted security firms to help with its investigation and is working with law enforcement to resolve the matter.
The company has been sending emails and in-app messages to users to alert them to the attack. It's urging customers to change their passwords immediately.
Copyright 2018 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
