Under Armour: hackers stole the data of 150,000,000 Myfitnesspal users because of course they did


Originally published at: https://boingboing.net/2018/03/31/inevitable.html


Wait, an internet app for underwear had more users than the population of the France and Germany combined?


Great, we literally just downloaded that because we’re trying to lose a few pounds. Oh well, I haven’t logged into it yet anyway.


In bigger news, Myfitnesspal claims 150,000,000 users.

I don’t know a single one of them.


Like any fitness thing, it’s 150 million accounts, 1 million actual users.


…and it was acquired for 475 M$?


This kind of sloppy security and laissez-affaire with personal data won’t stop if there are no consequences. There needs to be a law making insurance mandatory for damages stemming from data breaches or something.


Sadly, with what seems to be a data security breach every other month, what insurance company would actually step up for this? They’d be out of business almost as fast as the IoT startups they insure.


Affecting their bottom line usually gets their attention. I suspected instituting something like an compulsory insurance would be easier than finding someone in a big company who is ultimately responsible and liable for a data breach.


No “breeches” puns yet? Or


And the data goes on the bankruptcy auction block without any confidentiality requirement?


By an underwear company? That’s a lot of pairs of undies.


Workout app purchased by a clothing company.


Once there are actual damages awarded and a few companies (and executives) burned to the ground, I think the insurance part will take care of itself.




This is not a believable number of users. They probably made that number up to tempt UA into acquiring them. If UA ever did any due diligence, I bet they’d find the vast majority of those accounts are fictional.


Nope. They have a very interesting business model.

They convince companies to offer their employees small ($150-$400 per year) discounts on their health insurance premiums if they track all kinds of health information, which is shared with the health company.

So there are literally hundreds of companies that are doing this, and most of their employees had to sign up for an account.

So I have no doubt their numbers are correct…


OH NO!! The knowledge that I’m a big guy who likes fresh fruit and veg could be used to target me with blueberry ads.


More like my insurance premiums will jump if they determine I like bagels a bit much and exercise too little. This effectively eliminates any monetary benefit I might get from the insurance kickback, and they still have my data.


Suggest you check the regulations on the insurance industry in your jurisdictiction.