BALTIMORE (AP) - Sports apparel merchant Under Armour has become the latest victim of a massive digital theft of sensitive information about tens of millions of customers.
The Baltimore company disclosed Thursday that an intruder grabbed the email addresses and login information during a February break-in affecting about 150 million users of its food and nutrition website, MyFitnessPal.
For the last few years, Meredith Oaks used the app to get in shape. It tracked what she ate, how much she exercised and logged every step.
"Every place I walked, every time I went to the gym. Everything I did," she said. "Essentially it was a GPS on my life and nutrition."
A few days ago, Oaks received an email from Under Armour, warning her of what experts call the largest data breach of 2018 so far. The sports retailer urged her to immediately check her account and change her password.
Oaks decided against logging in on the website.
"I just stopped using it," she said. "Actually, I need to delete it from my phone."
Alex Mayo, who often jogs on Austin's Hike and Bike trail, did the same thing.
"I completely dumped it," he said. "I have an idea of what I'm eating now. But, I'm not using it anymore."
Under Armour says the hacker didn't obtain any payment information, Social Security numbers or driver's license numbers. That means this break-in is unlikely to require credit and debit cards to be replaced or raise the specter of identity theft, as happened with big breaches affecting retailer Target and credit reporting agency Equifax that resulted in the departures of their CEOs.
Still, Under Armour says it is requiring all MyFitnessPal users to change their passwords.
Cyber security experts say small details on an account can lead to big moneymaking results for thieves.
"Most consumers, even though they know they're not supposed to, use that same login and password for multiple sites," said Lou Senko, the chief information officer at Q2, an ebanking company. "What happens is can they get into a bank account and use that credential."
Cyber security experts say health information, like the kind stored in My Fitness Pal, is fast becoming more valuable than credit cards to hackers. Stolen health identities can lead to fraudulent insurance claims that yield thousands of dollars or drugs.
"As you think about where insurance companies are going to go, it's scary when health information gets out there," said Senko.
Information from: The Baltimore Sun, http://www.baltimoresun.com
Comment on this story below: