On March 29, users of MyFitnessPal, an application for calorie tracking and weight management, received a letter about a breach of their accounts. Hackers managed to get usernames, addresses and password hashes. With data taken on more users than the population of Japan and Russia, this hack is one of the largest in history by that measure.
Shares of Under Armour Inc, which owns MyFitnessPal, fell by 4.6%.

On March 25, 2018, the MyFitnessPal team became aware that third parties had obtained these user accounts without authorization. The information included logins, addresses and password hashes (the application uses bcrypt). Fortunately, Social Security card data (this applies to US citizens) and payment card data were not compromised. The company said that it is now conducting an investigation in conjunction with "leading organizations in the field of information security."
The users were given several recommendations:
- Change passwords in all accounts in which they use similar or the same information as for MyFitnessPal
- Check all your accounts for suspicious activity
- Be careful with letters and messages that request personal information or redirect to pages with such requests
- Avoid suspicious email links
That is, to behave the way one always should when it comes to account security. It is also better not to use the same password for two or more applications. Hackers may send emails to the stolen addresses in order to identify active users, since data on active users sells for more.
This is the largest hack of 2018 and one of the 5 largest in history, according to SecurityScorecard. Among the larger hacks is the compromise of 3 billion Yahoo accounts in 2013. In 2016, the company reported the theft of 500 million logins, passwords and dates of birth, and in 2017 it admitted that hackers had obtained data from all accounts. After the mass attack on Yahoo, users of the service had filed more than 40 lawsuits as of October 2017, including ones with wording such as "personal information is now in the hands of criminals or enemies of the United States."
In November 2017, at a hearing in the US Senate, Marissa Mayer, the former head of Yahoo, apologized to users for the hack and accused "Russian agents" of stealing the data: "Unfortunately, despite all the methods of protection that allowed Yahoo to successfully repel attacks from individuals as well as state-sponsored hacker attacks, Russian agents infiltrated our systems and stole user data."
Another notable hack was the theft in 2016 of 412 million user accounts from the adult dating sites of FriendFinder Networks Inc. Due to the organization's lack of foresight, about 99% of the data was deciphered. Moreover, in the case of FriendFinder Networks Inc, even deleted users were at risk: over 15 million accounts remained in the database in the form email@address.com@deleted1.com. Of the 412 million accounts, about 900 thousand were protected by the hard-to-guess password "123456", with its simplified version "12345" in second place. Users who were particularly concerned about the security of their accounts chose "123456789", "12345678" and "1234567890", and the real gurus chose "password" and "qwerty".
The MyFitnessPal hackers did not catch up with the number of accounts stolen by the hackers who obtained 145 million eBay auction accounts. Those attackers got hold of names, email addresses, password hashes, home addresses, phone numbers and users' birth dates.