The Baltimore, Maryland-based athletic company Under Armour announced its MyFitnessPal exercise app was involved in a massive information breach, with upwards of 150 million user accounts potentially affected. Of the hacked data, the brand says only usernames, email addresses, and hashed password information was breached, so it appears (at this time) that no financial information was compromised — which could be seen as somewhat of a silver lining considering how prevalent hacks and breaches have become.
An Under Armour-affiliated application since 2015, MyFitnessPal is a diet and exercise program designed to not just track daily activity but also to motivate its users. The app had around 80 million users prior to its acquisition, but Under Armour’s already-established network of brand loyalists and gear supporters allowed it to grow to more than 165 million users.
Under Armour reports that it was alerted to the breach on March 25 — and that it occurred in February. Upon learning of its severity, the brand “quickly took steps to determine the nature and scope of the issue.” This includes notifying law enforcement, working with data firms to assist in the investigation, alerting its user base and asking for password changes, and monitoring any suspicious behavior. The brand said it strongly recommends any MyFitnessPal user to immediately change their password as a precautionary measure, even if they aren’t necessarily involved in the breach.
“Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging. The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information,” said Under Armour in a statement. “The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.”
The statement goes on to recommend that users be aware of any solicitation for them to provide personal information and to avoid, at all costs, clicking on any links or attachments in suspicious emails. Under Armour also provided additional information about how to change a password and how to better safeguard user information, as well as a list of frequently asked questions surrounding the breach.