Like a crime wave, data leaks and vulnerable static identifiers show no sign of abating, as MyFitnessPal became the latest in a string of sites to have users’ data exposed trough usernames and hashed passwords.
Under Armour, which operates the food and nutrition app, on March 25 became aware of unauthorized access to data associated with user accounts that occurred in late February.
Usernames, email addresses and hashed passwords were accessed, according to a release from UnderArmour, who said 150 million user accounts were affected. While still widely used, static passwords have long been criticized as a authentication method, and calls for replacing static identifiers have increased as data breaches have accelerated over the past few years.
Social Security numbers and driver’s license numbers were not affected, nor was payment card data, which is collected and processed separately, the company said in a release.
Four days after learning of the attack, Under Armour began notifying users via email and in-app messaging. Users will be required to change their passwords and are being urged to do so immediately.