MyFitnessPal Data Breach Case Study

Verified

Added on 2019/09/23

AI Summary

This case study analyzes the 2018 MyFitnessPal data breach, where personal information of 150 million users was compromised. The study explores the nature of the breach, including the types of data exposed (names, email addresses, and passwords), and discusses the potential reasons behind the security lapse, such as phishing, hacking, and malware attacks. It also examines the impact of the breach on the company and its users, and suggests preventative measures that could have been taken to avoid the incident. The study highlights the importance of robust cybersecurity practices and the need for organizations to prioritize data protection.

TASK 1
1

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Task 1:
The cyber security breaches have become one of the most threatening factors for the internet
users. The users of internet often need to share their personal information over internet. However
, due to increasing use of internet, everyday this huge amount of data , uploaded by the users are
being exposed to thousands of security threats on regular basis. Although the sites on the internet
are taking several steps to protect themselves from the security threats, still there are many
instances which reveals vulnerability of the data shared on internet. The current research deals
with analysis on the recent incident of data security breach from the health app, MyFitnessPal. In
March, 2018, the security of the personal data of the millions of MyFitnessPal users was
compromised. In the research , nature of the problem was analyzed and discussed. The research
also includes discussion on how and why the problem has occurred. In this study, the researcher
has also discussed how the incident of security breach could have been prevented.
Analyzing the problem:
The fitness app, MyFitnessPal has approximately 150 million users. The app collects personal
details of the users. Recently, in March 2018, the personal data of the 150 million users was
affected due to the security hacks. As reported by the owner organization, Armour , it is one of
the biggest security hacks in the history. As notified by the organization, Armour, the names of
the users, their e-mail addresses and the passwords. In addition, the owner organization has also
informed that the payment details of the users were not affected due to the security hack. The
accounts of the users were hacked in February, 2018. The incident of hacking reduced share of
the organization down upto 3% in the after-hours trade. The company has not recognized the
breach till 25th march and informed its users 4 days later.
Discussion on the cyber security breach of MyFitnessPal indicates that security of the financial
data of the users was not compromised. However, security breach of the e-mail addresses of the
users can have devastating effects. Stealing of the data stored by MyFitnessPal App is considered
as several times more valuable than the financial data stealing. The app, MyFitnessPal, stores
huge amount of personal data which can be effective for tracking an individual. The personal
information regarding the individuals is considered as an excellent source of intelligence for the
hackers. In case of MyFitnessPal app, the location as well as the performance of the individuals
2

according to privacy policy of the app. In addition, the information shared by the users
voluntarily with the app also can be used as a source of intelligence.
https://www.theguardian.com/technology/2018/mar/30/hackers-steal-data-150m-myfitnesspal-
app-users-under-armour
How and why the problem has occurred:
The data breach of the MyFitnessPal app has occurred in February 2018 although the
organization had discovered it in March, 2018. The hackers who were behind the data security
breach are not identified yet. The organization has informed that it is still working with the
leading data security firms to explore the reasons behind the security breach. The organization
has not provided any detailed information regarding how the hackers were able to get access to
the data.
However, after the breach has been occurred, the password of the accounts and the links from
suspicious sources were considered as vulnerable for the data security. Therefore, the users were
requested to review their accounts and change the password after the security breach was
identified. The app does not deal with the information like the driving license number or the
social security number. So, such information of the users has not been disclosed due to the
security breach. The financial details of the users such as the credit card related information is
processed differently than the other types of information. So, the financial data security was not
affected any way.
As the risks of hacking are increasing every day, no app or website can be considered as
completely safe. The hackers are always looking for new ways to breach the security of
information spread over the internet. Therefore, the organizations, which share the data of
customers over the internet, require focusing on enhancing the security of the information. The
potential reasons behind the security attack can be the phishing, hacking and the malware threats,
mistakes done by the employees or any improper action taken by them, the external
theft related activity, the internal theft , the risks posed by the vendors and the improper
disposal of the data.
Phishing, hacking and malware attacks:
3

In 2014, the human error was considered as one of the leading causes behind the data
security attack. Often the individuals who use the data published over internet do not
remain aware of the security risks as well as the best practices to protect the data
from a number of security threats. Because of the improper actions taken by these
individuals , the data shared on the internet get exposed to the higher security risk.
2. Employee action or mistake (24%)
3. External theft (17%)
4. Vendor (14%)
5. Internal theft (8%)
6. Lost or improper disposal of data (6%)
 What the problem was;
 How and why it occurred;
 What could have been done to prevent it.
4