My Fitness Pal is a nutrition app owned by the lifestyle brand Under Armour that allows users to count their calories and record their activity. In March 2018 the company announced that they had been responsible for a massive date breach impacting the personal information of 150 million accounts on their database. The information that was subject to the hack included user names, email addresses and passwords.
Under Armour publicly disclosed knowledge of the hack within a week of discovering the breach and reported that the incident took place in late February.
Under Armour had stated that they were using a respected protection method known as ‘bcrypt’ password hashing to convert their stored passwords into an unintelligible jumble of characters. This protection makes ‘cracking’ attempts extremely time-consuming for would-be hackers, with strong passwords potentially taking decades to break.
Unfortunately, it was later revealed that only a portion of Under Armour’s 150 million or so accounts were protected in this manner. Many of the accounts were encrypted using an outdated function known as SHA-1. It is thought that the transition between these encryption methods was mishandled, leaving many older accounts vulnerable to hacks.
If you’ve been affected by the My Fitness Pal/Under Armour hack, or have had your personal data hacked in a similar fashion, then get in touch with us today to find out how you could claim compensation against negligent data processors.