On March 25th, Under Armour was made aware that they had an unauthorized party gain access and acquire data associated with 150 million MyFitnessPal user accounts. The information they could’ve gathered includes, but is not limited to, usernames, email addresses, and hashed passwords. What are hashed passwords? Hashed passwords, from a high level, happen when passwords are ran through a mathematical function to create an encrypted version and a message authentication code (MAC) of a plaintext password. In MyFitnessPal’s case, they used a bcrypt hashing function, the same type that was used by formerly hacked Ashley Madison. After the Ashley Madison hack, the entire database and all password hashes were made available to the hackers of the world and now they have the password hashes of MyFitnessPal too.
What does this mean for those of you that have an account on MyFitnessPal?