Athletic apparel brand Under Armour announced that a data breach exposed details of over 150 million MyFitnessPal users. The leaked data includes usernames, email addresses, and hashed passwords, but government-issued identifiers like social security numbers and driving licenses were not compromised as the app doesn't collect that information. Similarly, credit card numbers were not leaked.
MyFitnessPal first detected the intrusion — believed to have occurred sometime in late February — on March 25, following which it started coordinating with law enforcement authorities and data security firms to understand the scope of the attack.
From the press release
The affected data did not include government-issued identifiers (such as Social Security numbers and driver's license numbers), which the company does not collect from users. Payment card data was also not affected because it is collected and processed separately. The company's investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue.Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging. The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information. The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.
Under Armour acquired the food and nutrition app back in 2015 for $475 million, and has seen its userbase nearly double over the last three years. If you're a MyFitnessPal user, you should immediately change your password. To know more about the breach and the nature of the data compromised, head to MyFitnessPal's FAQ section detailing the breach.
