Since March 28, Under Armour has been notifying about 150 million users that their personal information was stolen in a February 2018 security breach of its MyFitnessPal product, a food and nutrition application. Personal data such as email addresses, usernames and passwords were exposed, but credit-card information and driver’s license numbers weren’t compromised, according to the company.
Officials said the MyFitnessPal team discovered the data security issue on March 25 when they found that an “unauthorized party acquired data associated with MyFitnessPal user accounts.” MyFitnessPal is an app that assists in the tracking of diet and exercise routines.
Under Armour, the Baltimore-based athletic and fitness apparel company, said their “investigation indicates that the affected information included usernames, email addresses, and hashed passwords – the majority with the hashing function called bcrypt used to secure passwords.”
“The affected data did not include government-issued identifiers (such as social security numbers and driver’s license numbers), which the company does not collect from users,” officials said. “Payment card data was also not affected because it is collected and processed separately.”
Under Armour is working with leading data security firms to assist in its investigation, and also coordinating with law enforcement authorities.
The company took steps to alert MyFitnessPal users by notifying them through email and in-app messaging. The notice contains recommendations for users regarding account security steps they can take to help protect their information. The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.
The company’s investigation is ongoing, but indicates that approximately 150 million user accounts were affected by the breach.