Under Armor: hackers stole the data of 150,000,000 Myfitnesspal users because of course they didOn April 1, 2018 by Ilene
Myfitnesspal was a startup that offered Internet of Shit-based fitness and diet tracking; they were purchased by Under Armor for $475,000,000 in 2015; three years later, Under Armor has admitted that hackers stole the personal data of 150,000,000 Myfitnesspal users.
Internet of Things companies can’t be profitable — let alone a tempting acquisition target — through the sale of hardware; the margins are far too slim. By being maximally surveillant, IoT companies can amass deep dossiers of compromising personal information about hundreds of millions of users, something that big companies will pay hundreds of millions of dollars for.
Since IoT companies that don’t get acquired go under when their venture capitalists lose patience with them, every dollar they spend on information security is a dollar they can’t spend on keeping the lights on while they hope to get bought. Companies that go under face no liability for breaches, and companies that get acquired can fob off the consequences of breaches on their unlucky new owners. As a result, the Internet of Things security standard is a kind of “minimum viable security” — the thinnest membrane of security that prevents the product from detonating until the money runs out or someone else takes over.
The 150,000,000 user Myfitnesspal breach included usernames, emails and hashed passwords. Myfitnesspal has not revealed whether the hashed passwords also had per-user salts — a simple technique that makes it much, much harder to recover the cleartexts from a hashed password file.
The stolen data includes account user names, email addresses and scrambled passwords for the popular MyFitnessPal mobile app and website, Under Armour said in a statement. Social Security numbers, driver license numbers and payment card data were not compromised, it said.
It is the largest data breach this year and one of the top five to date, based on the number of records compromised, according to SecurityScorecard.
Under Armour says 150 million MyFitnessPal accounts breached [Jim Finkle and Nivedita Balu/Reuters]
Georgia is a hub for cybersecurity research, with leading university computer science and security programs and a new $35m state cybersecurity research center underway; but the Georgia state legislature just passed SB315, the most onerous prohibition on computer security research ever passed in the USA.
Calyx is an amazing nonprofit, privacy-oriented activist ISP (they were the first ISP to successfully resist a secret Patriot Act warrant); they are notable for offering an unlimited, unfiltered, unthrottled 4G/wifi hotspot for a tax-deductible $400 year (mine has repeatedly saved my bacon).
The Electronic Frontier Foundation is running an excellent series on the potential and pitfalls of secure messaging app — this is very timely given the ramping up of state surveillance and identity theft, not to mention anyone looking to #DeleteFacebook and transition away from Facebook Messenger.
There are plenty of us out there who enjoy the look of vintage speakers, but using them today isn’t necessarily practical. However, that’s not to say you can’t add some 1950’s flair to your listening setup. The Lofree Poison aims to combine a vintage aesthetic with 21st-century technology, and it’s on sale for $79.99 in the […]
Hailed for its versatility and user-friendly design, Python is one of the best first languages for aspiring programmers to learn. However, not all of us have a natural affinity for programming, but you can get the training you need without breaking the bank thanks to the Pay What You Want: Absolute Python Bundle.Here’s how the deal […]
The web may be vast, but competition to get noticed is still fierce. That’s why it’s essential to ensure your site is responsive, sharp, and SEO-oriented, so you can attract visitors and retain them. Of course, designing a website to fit these features is a lengthy endeavor, but you can sidestep the hassle with Dessign’s Premium […]