The MyFitnessPal app disclosed a facts breach ultimate yr affecting as many as one hundred fifty million users. Now, a number of the ones stolen credentials are doping up for sale on the darkish web.
Not best is records from Under Armour’s MyFitnessPal, a weight loss plan and workout community, being offered, but hackers also have their arms on credentials from 15 other websites. The asking charge: Less than $20,000 in Bitcoin, in keeping with a document from The Register.
Erin Wendell, a spokesperson for MyFitnessPal, said customers had been required to change their passwords after the breach turned into suggested closing March, so any stolen credentials are no longer legitimate at the web site.
“We responded hastily to alert customers and have for the reason that required all MyFitnessPal users who had no longer modified their passwords because that March 29, 2018 announcement, to reset their passwords. As a result, passwords previously used for MyFitnessPal on the time of the records security problem are not legitimate on MyFitnessPal, and we maintain to encourage sturdy password practices together with unique and complicated passwords for all their debts to permit customers to similarly protect themselves,” she said.
While it doesn’t sound like hackers can be in a position to check on what MyFitnessPal users ate for breakfast, the leaked credentials might be a hassle for those who reuse passwords across a couple of websites. The passwords appear to be hashed and encrypted, but a consumer should cross-reference breached email addresses with previous hacks to see if someone reused a password.
Another website protected in Valentine’s Day hearth sale, the relationship app Coffee Meets Bagel, despatched customers an email on Thursday to inform them that they learned of a breach on February eleven, the identical day The Register‘s document become published. A partial list of names and email addresses are believed to be the handiest statistics compromised. The e-mail did now not say what number of customers may have been uncovered.
The other websites referred to in The Register’s record are Dubsmash, MyHeritage, ShareThis, HauteLook, Animoto, EyeEm, 8fit, Whitepages, Fotolog, 500px, Armor Games, BookMate, Artsy, and DataCamp.
One way to fast check to peer in case your credentials were breached is to go into your e-mail address at HaveIBeenPwned.Com. While the web site doesn’t say wherein your records changed into leaked, it can let you know what number of data dumps include your e-mail cope with. Whether you’ve been “pwned” or not, safety experts also advise which you often change your passwords and use one specific password per website online.