March 30, 2018 10:11 am
Updated: March 30, 2018 12:41 pm

150M MyFitnessPal accounts hacked, Under Armour urging users to change passwords

Assistant Deputy Minister of the Information Technology Security program at the Communications Security Establishment (CSE), Scott Jones, tells David Akin how Canadians can protect their privacy.

A A

Sportswear merchant Under Armour has become the latest victim of a massive data breach involving account information of tens of millions of users.

Under Armour informed MyFitnessPal users on March 29, 2018, that 150 million accounts were affected by a data breach that took place in February 2018. MyFitnessPal is an app designed for tracking diet and exercise.

WATCH: Facebook does data breach damage control

The company said in a statement that the affected data did not include government-issued identifiers, such as Social Security Numbers and drivers licenses, and only included usernames, email addresses and hashed passwords (hashing is a one-way mathematical function that converts an original string of data into a seemingly random string of data).

Story continues below

The statement also said payment data was not affected, as Under Armour collects and processes that data separately. That means this break-in is unlikely to require credit and debit cards to be replaced or raise the spectre of identity theft, as happened with big breaches affecting retailer Target and credit reporting agency Equifax, which resulted in the departures of their CEOs.

READ MORE: Canadians at higher risk of hacks, thanks to their smart devices: report

The Baltimore-based company became aware of the breach on March 25, 2018, and notified users of the incident four days later via an email alert. The company is currently unaware of the party behind the breach, though has launched an investigation into the matter.

“Once we became aware [of the breach], we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities,” the company said in a statement.

 

Under Armour is urging users to change their passwords immediately, which they can do by navigating to the “My Home” tab on the MyFitnessPal app or website, selecting “Settings” and then selecting “Change Password.”

 

Under Armour acquired MyFitnessPal in 2015 for US$475 million, when the platform had approximately 80 million users. Since then, the app’s user base has nearly doubled in size.

With files from the Associated Press. 

© 2018 Global News, a division of Corus Entertainment Inc.

Report an error

Comments

Want to discuss? Please read our Commenting Policy first.