150M MyFitnessPal accounts hacked, Under Armour urging users to change passwords

Click to play video: 'Cybersecurity and privacy are no longer mutually exclusive: Jones'
Cybersecurity and privacy are no longer mutually exclusive: Jones
Assistant Deputy Minister of the Information Technology Security program at the Communications Security Establishment (CSE), Scott Jones, tells David Akin how Canadians can protect their privacy – Mar 25, 2018

Sportswear merchant Under Armour has become the latest victim of a massive data breach involving account information of tens of millions of users.

Under Armour informed MyFitnessPal users on March 29, 2018, that 150 million accounts were affected by a data breach that took place in February 2018. MyFitnessPal is an app designed for tracking diet and exercise.

WATCH: Facebook does data breach damage control

Story continues below advertisement

The company said in a statement that the affected data did not include government-issued identifiers, such as Social Security Numbers and drivers licenses, and only included usernames, email addresses and hashed passwords (hashing is a one-way mathematical function that converts an original string of data into a seemingly random string of data).

The statement also said payment data was not affected, as Under Armour collects and processes that data separately. That means this break-in is unlikely to require credit and debit cards to be replaced or raise the spectre of identity theft, as happened with big breaches affecting retailer Target and credit reporting agency Equifax, which resulted in the departures of their CEOs.

The Baltimore-based company became aware of the breach on March 25, 2018, and notified users of the incident four days later via an email alert. The company is currently unaware of the party behind the breach, though has launched an investigation into the matter.

“Once we became aware [of the breach], we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities,” the company said in a statement.
Story continues below advertisement


Under Armour is urging users to change their passwords immediately, which they can do by navigating to the “My Home” tab on the MyFitnessPal app or website, selecting “Settings” and then selecting “Change Password.”


MyFitnessPal alerted users to a potential data breach Thursday night affecting 150 million accounts.
MyFitnessPal alerted users to a potential data breach Thursday night affecting 150 million accounts.

Under Armour acquired MyFitnessPal in 2015 for US$475 million, when the platform had approximately 80 million users. Since then, the app’s user base has nearly doubled in size.

Story continues below advertisement

With files from the Associated Press. 

Sponsored content