Under Armour runs an app called MyFitnessPal, and in March 2018 the company
reported that unauthorized access had been observed to approximately 150
million accounts of the app. MyFitnessPal is one of the company's best-known
apps and deals in food and fitness tracking. The app started working in 2005
and has been one of the company's major successes since Under Armour acquired
it in 2015. Users of the MyFitnessPal app can monitor their calorie intake as
well as keep an eye on their fitness and exercise.

It has been observed in many cases that when a breach of this kind happens,
companies are hesitant at first to acknowledge it and share it with those who
have been affected. That was not the case with Under Armour: the company was
quick to acknowledge the breach and to inform the public and its users about
its nature. The General Data Protection Regulation (GDPR) started working in
May 2018, which will resolve this problem of delayed breach disclosure, as
companies will have to report an incident as early as possible. The response of
Under Armour was commendable, however, as it quickly notified all of its app
users about the breach and asked them to change their passwords immediately.

Over the years there have been significant data breaches involving some of the
largest companies, and these incidents are a lesson for many companies: when
they hold data in online spaces, they should develop strong systems and ensure
that no weakness leaves them vulnerable to cyber-attacks; otherwise the end
result is a data breach like the one in the Under Armour case. The company had
taken various precautions but still fell victim to this cyber-attack. It had
implemented various functions to protect data; for example, it used a function
named "bcrypt" for password hashing so that passwords are secured, and such
functions make it even harder for attackers to crack passwords. Still, the
data breach is alarming not only for Under Armour but for many other companies
as well, and it calls on them to be more proactive in their security approach;
otherwise they can be the next target of these attackers.

It is important to look more closely at what kind of data was stolen from Under
Armour's app. The details shared by the company revealed that the compromised
data included not only users' email addresses and user names but also hashed
passwords. It is said that hashed passwords cannot be read by the human eye,
but with the help of some algorithms attackers can crack them and use the
passwords. Still, this process is extremely difficult, and credentials can
remain safe even when attackers do have the hashed passwords. The hashed
passwords were considered safe, but once the company knew about the breach it
notified users and, to be on the safe side, asked them to change their
passwords as soon as possible. The company also revealed that the attackers
were not able to access financial information, as its financial and payment
information system works separately from its user information system. The
compromised personal information can be used by attackers for various
purposes, which is a lesson that companies and users should be more concerned
about their online data security.

It is also critical to analyze where things went wrong for Under Armour. This
is vital to know because such information can help other companies be more
proactive and ensure that they have covered every weakness in their systems.
The details showed that the company failed to properly salt as well as encrypt
passwords. It was explained that the breach of passwords would not have been
possible if the passwords had been properly salted. It was quite strange on the
part of the company that only a few passwords were hashed; why the others were
left open to attack is a question that is still unanswered. bcrypt passwords
cannot easily be broken by attackers, but if they have not been salted properly
with the relevant processes, they can also be breached. It is important for
users to know as well that they should not use similar passwords for various
online accounts, and should not reuse old passwords, as it becomes easier for
attackers to target users who have used similar passwords on various
platforms. Users as well as companies should be extra cautious in this regard.
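
To make the salting point above concrete, here is an added Python example (not code from Under Armour or from this article) that audits a stored-credential table for colliding digests and compares unsalted storage with salted storage. It uses SHA-1 as the unsalted fast hash and the standard library's PBKDF2 as a stand-in for bcrypt; the accounts, function names and iteration count are assumptions made for the illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example

def unsalted_digest(password: str) -> str:
    """Weak storage: fast hash, no salt. Equal passwords give equal digests."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Hardened storage: random per-user salt plus a slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, derived

def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, derived = salted_record(password, salt)
    return hmac.compare_digest(derived, expected)

def shared_digest_groups(table: dict[str, str]) -> list[list[str]]:
    """Audit check: groups of users whose stored digests are identical.
    A non-empty result means equal passwords are visible in the table,
    which is what a per-user salt is meant to prevent."""
    by_digest = defaultdict(list)
    for user, digest in table.items():
        by_digest[digest].append(user)
    return sorted(sorted(users) for users in by_digest.values() if len(users) > 1)

# Constructed sample accounts (not real data); two users share a password.
SAMPLE = {"alice": "Summer2018!", "bob": "Summer2018!", "carol": "x9$Tq-lemon-42"}

def demo():
    weak = {u: unsalted_digest(p) for u, p in SAMPLE.items()}
    strong = {u: salted_record(p) for u, p in SAMPLE.items()}
    strong_view = {u: derived.hex() for u, (_, derived) in strong.items()}
    return shared_digest_groups(weak), shared_digest_groups(strong_view), strong

if __name__ == "__main__":
    weak_groups, strong_groups, _ = demo()
    print("unsalted collisions:", weak_groups)
    print("salted collisions:  ", strong_groups)
```

Because every salted record is derived with its own random salt, a guess has to be recomputed per account, and the slow derivation raises the cost of each guess.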

After looking at the various facts of the case, it is quite evident that Under
Armour was not especially negligent in protecting the data of its users. The
company was following various advanced practices to protect data; for example,
it was using hashed passwords, which cannot be broken by attackers, as the
human eye can't even read hashed passwords. Still, such a data breach is a
concerning issue, not only for Under Armour but for many other companies. The
company also revealed that the exercise data of users was not taken in this
incident; rather, only email addresses and user names were compromised.
However, whatever has been compromised is still a threat to users, and it is a
worrisome issue for the apps and companies that collect a lot of personal data
and information about their users.