So far, the company is taking all steps we’ve come to see as usual in these circumstances. They’ve notified their user base about the scope and scale of the attack, which impacted a hefty 150 million users. In conjunction with the announcement of the event itself, they assured their users that the theft of data was limited to user names, email addresses and encrypted passwords.
Although the stolen passwords are encrypted with bcrypt (which is a highly secure solution), the company is still recommending that all of the app’s users change their passwords immediately, just to be safe. Under Armour also assures its MyFitnessPal users that no credit card information was exposed.In a departure from the routine we’ve come to expect in situations like these, the company is also warning users to be aware that since their emails were stolen, they may be subject to phishing scams in an attempt to get more of their personal information.
That announcement, in part, reads as follows:
“Please note that the email from MyFitnessPal about this issue does not ask you to click on any links or contain attachments and does not request your personal data. If the email you received about this issue prompts you to click on a link, suggests you download an attachment, or asks you for information, the email was not sent by MyFitnessPal and may be an attempt to steal your personal data. Avoid clicking on links or downloading attachments from such suspicious emails.”
While Under Armour’s handling of the incident has been solid so far, one has to wonder how many more of these incidents we’ll see before companies start taking data security more seriously.