These days it feels like no one’s data is safe—a lesson hitting home for 150 million users of fitness tracking app MyFitnessPal.
Following a data breach by an unknown party in February, Under Armour—MyFitnessPal’s parent company—released an email on March 29 notifying users of the incident. In the email, Under Armour explained that the hack was initially discovered on March 25, and “the affected information included usernames, email addresses, and hashed passwords—the majority with the hashing function called bcrypt used to secure passwords.” A press release was also posted on the MyFitnessPal website on March 29.
Here's a portion of Under Armour's email:
Security breaches have become increasingly common over the past few years, so brand communicators would do well to plan ahead for such an incident. It’s unclear if Under Armour was prepared beforehand, since four days passed between the discovery of the hack and the company’s response. (A representative from Under Armour was unavailable for comment.)
Under Armour’s email about the breach is well-crafted and clear about what exactly happened, what steps the company is taking to rectify the situation and what users can do in the interim to attempt to protect their data. But it doesn’t explain why it took a month for Under Armour to realize the breach had occurred, and why it didn’t alert MyFitnessPal users the moment it was detected.
The company’s stock fell by nearly 4% in after-hours trading following the press release.
Follow Hayley: @that_hayley