Under Armour says 150m MyFitnessPal accounts affected by data breach

30 Mar 2018

MyFitnessPal app. Image: Syafiq Adnan/Shutterstock

Popular fitness and health tracking app MyFitnessPal is hit by hackers.

Under Armour subsidiary MyFitnessPal yesterday (29 March) shared that data from 150m accounts for the site and app was breached in February.

Clothing company Under Armour acquired MyFitnessPal, a website and mobile app for tracking activity and eating habits, in 2015. At this time, the app had 80m users but has since more than doubled in size.

Investigations are ongoing

Under Armour became aware of the breach on 25 March and is currently working with leading data security companies to augment the investigation, and is also in close contact with law enforcement authorities.

The information obtained by hackers included usernames, email addresses and hashed passwords, “the majority with the hashing function called bcrypt used to secure passwords”, according to a MyFitnessPal statement.

No government-issued details, such as social security or driver licence numbers, were leaked, as this type of information is not collected by MyFitnessPal.

Users of the app have been notified by email and in-app messaging, with a message containing security steps they should take to protect their details. Under Armour also urged users to change their passwords immediately.

Under Armour integrating technology with apparel

Under Armour has acquired several fitness app companies, in turn amassing a massive quantity of data from fitness enthusiasts and professional sports players. It says it leverages the data insights in order to create more useful sports apparel.

The company owns other apps including MapMyFitness and Endomondo, and is fast becoming a brand similar to Nike in terms of the fusion of clothing and technology in its business model.

The MyFitnessPal breach is the largest of the year so far, according to SecurityScorecard, based on the volume of records compromised.

While the information stolen may not seem directly valuable, email address databases are often of use to cyber-criminals. Email address dossiers such as this can be sold on the dark web and are used by mass spammers.

Under Armour’s shares dropped almost 4pc in in after-hours trading following the disclosure of the breach.

MyFitnessPal app. Image: Syafiq Adnan/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects