150 Million MyFitnessPal Accounts Breached, Panera Exposes 37 Million Users' Records, and more!


Mazin Jindeel

Apr 5, 2018, 11:19:16 AM
to Infosec News

INFORMATION SECURITY NEWS

For The Week of 3/27-4/3 2018


The Information Security News Service is a project of LARS (Laboratory for Advanced Research in Systems) in the CS Department at the University of Minnesota Duluth. We send out top stories in information security every Tuesday (except during some academic breaks). If you have stories you’d like to see featured, please email them to infosec...@d.umn.edu.

CURRENT NEWS


150 Million MyFitnessPal Accounts Breached

Data from 150 million MyFitnessPal accounts was stolen in February. The data includes usernames, email addresses, and hashed passwords. Social Security numbers, driver's license numbers, and payment information were not stolen. So far, this is the largest breach of 2018. Under Armour, the owner of MyFitnessPal, saw its stock drop 3% after it disclosed the breach.

https://www.reuters.com/article/us-under-armour-databreach/under-armour-says-150-million-myfitnesspal-accounts-breached-idUSKBN1H532W?il=0


Grindr Sharing HIV Status, Location Data

Grindr has provided users’ profiles to two app optimization companies, Apptimize and Localytics. User profiles can include HIV status, “last tested date”, and location. This information can be used to identify individual users, as well as their HIV status. Both Grindr and the third-party companies say that user data is not being sold or misused, but sharing it is probably not necessary.

https://www.buzzfeed.com/azeenghorayshi/grindr-hiv-status-privacy


Panera Leaves 37 Million Customer Records Unprotected

Panera left the names, emails, and physical addresses of around 37 million customers accessible in plain text on its website. Panera was notified of the breach in August of 2017, but didn’t fix it until March 2018, almost 8 months later. During that time, the data was completely exposed online. Panera also downplayed the extent of the data exposure to news outlets, reporting that fewer than 10,000 customers were known to be affected. It’s not clear if anyone maliciously accessed the records while they were exposed. The website also had exposed admin logins. Ironically, Panera’s director of information security was the former director of information security at Equifax.

https://gizmodo.com/panera-breads-website-reportedly-left-millions-of-custo-1824274058


