Millions of Americans may have had their user data stolen from a popular Under Armour health application, according to Under Armour, which alerted users to the security breach on Thursday.
As many as 150 million accounts were stolen from the MyFitnessPal app last month, including usernames, email addresses and scrambled passwords, in one of the biggest such breaches of its kind. According to reports, more sensitive information such as social security numbers, driver’s license numbers and details from payments were not impacted.
In a statement, Under Armour officials said they became aware of the data security issue on March 25, and the company “quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident.”
“Under Armour is working with leading data security firms to assist in its investigation, and also coordinating with law enforcement authorities. The investigation indicates that the affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords.”
According to Under Armour, they are "taking steps to protect the community," including the following measures:
- "We are notifying MyFitnessPal users to provide information on how they can protect their data.
- We will be requiring MyFitnessPal users to change their passwords and urge users to do so immediately.
- We continue to monitor for suspicious activity and to coordinate with law enforcement authorities.
- We continue to make enhancements to our systems to detect and prevent unauthorized access to user information."
Click here to sign up for Daily Voice's free daily emails and news alerts.