Under Armour Hacked: 150 Million Accounts Stolen in February

The MyFitnessPal app came under attack.

Flickr / American Red Cross of the Bay Area

The fitness brand Under Armour announced Thursday that 150 million user accounts for its MyFitnessPal were hacked and compromised in February. The company said it became aware of the breach on March 25 and has already begun an investigation in coordination with data security firms and law enforcement.

Whoever was behind the hack of the diet- and exercise-tracking app would have gained access to usernames, email addresses, and the hashed — or encrypted — versions of users’ passwords. While it does not appear the breach would have made users’ original passwords directly available, MyFitnessPal is requiring all users update their passwords on the app and urging them to do the same for any other accounts that use the same or similar information.

Both Under Armour and MyFitnessPal stressed in their statements that the breach did not affect social security data or other government-issued information, as the app doesn’t collect that data in the first place, nor would it affect payment data for users of the app’s premium tier, as that’s collected separately.

The danger for this breach would then appear to be in to whatever extent it’s possible for the guilty party to use the more basic information obtained to attempt to gain access to more sensitive data.

MyFitnessPal said it is in the process of reaching out to all users to inform them of what has occurred. Since a mass email targeted at the victims of a data breach is pretty much the ideal opportunity for those in possession of said victims’ emails to send a phishing scam, the app stressed that the email it is sending has no links, no attachments to download, and no requests for personal information. If you’re a MyFitnessPal user and get an email that doesn’t look like this, chances are it’s a scam.

Founded in 2005, MyFitnessPal grew to 80 million users before Under Armour purchased it in 2015. That number has roughly doubled in the three years since the acquisition. The app is available on both Android and iOS and is designed to work with more than 50 devices, hence its huge reach.

Those looking for more information on how the breach has affected their account can visit the MyFitnessPal customer portal.