Yesterday, Under Armour confirmed that a data breach has affected approximately 150 million MyFitnessPal accounts. Initial reports suggest that stolen data may include user names, email addresses, and hashed (not plain-text) passwords.
Evgeny Chereshnev, CEO and founder of Biolink.Tech, said: "150 million hacked accounts is hugely significant, especially because most users use the same pairs of logins and passwords across multiple sites. Hackers will break the weakest point; in this case a fitness tracker database, and they can use this information to access users' emails, social networks and more.
"When users are notified about changing passwords following a breach, more often than not they do so in a predictable way such as adding a 1 or a ! at the end, but these algorithms are known by hackers.They use machine learning and AI too - it's not like that's only available to the good guys, right?
"Hackers can also match these stolen email addresses and passwords to other known databases of stolen credit card numbers, social security numbers, behavioural data bought from brokers etc. With this aggregated data, hackers can build up a pretty detailed profile of a user.
"If these hackers were able to match these stolen login credentials to the users' actual fitness data, just imagine what could happen. Having this level of data would allow hackers to know that Mr Smith has a very specific and predictable pattern of behaviour. Fitness trackers don't only track calories and the number of steps a person walks in a day; it also knows where people are and at what time. For hackers wanting to specifically target a certain person, this data is a gold mine."