Under Armour has admitted that around 150 million MyFitnessPal user accounts were hacked in February of this year.
The sports giant has stated that “an unauthorized party acquired data associated with MyFitnessPal user accounts” occurred last month but it only became aware of the breach earlier this week. “The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident,” read a statement.
The data includes usernames, passwords and email addresses but not bank, driving license or social security information.
“Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging,” continued the official company statement. “The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information. The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.”
It’s the biggest data breach of 2018 so far, and Under Armour said it is “working with leading data security firms to assist in its investigation” as well as law enforcement authorities. Shares dropped almost 4% in after-hours trading.
MyFitnessPal lets users monitor their calorie intake and measure it against the amount of exercise they are doing, with a database of more than 2 million foods available to choose from. It was founded in 2005 by brothers Mike and Albert Lee. It was acquired by Under Armour in 2015 for $475 million. The app is part of Under Armour’s connected fitness division, with revenue last year accounting for 1.8 per cent of the company’s $5 billion in total sales.
If you’re a MyFitnessPal user and haven’t already received the notification telling you to change your password, we recommend you do so immediately – you may also want to change that password on any other sites you use it on, especially if you are using the same email address on those too.