MyFitnessPal App Breach May Expose 150M Users' Data: Under Armour

BALTIMORE, MD — An estimated 150 million users of the MyFitnessPal exercise and weight loss app owned by Baltimore-based Under Armour may have had their personal data exposed. The company told users of the breach on Thursday, which it said was first alerted to on Sunday. The actual breach — which likely gleaned usernames, email addresses, and passwords — occurred in February.

App users should change their password for any account which shares the password used for MyFitnessPal and be wary of any unsolicited messages that ask for personal data. Do not click on links or download attachments from suspicious emails, the company says.

The data obtained by hackers did not include Social Security numbers or driver's license numbers, the business says. Payment card data was not affected because it is collected and processed separately.

So far, the company says it doesn't know who the unauthorized party is that obtained the data. MyFitnessPal says it is increasing its security to detect and prevent illicit access.

"Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities," the company said in a message to users.

(For more news like this, find your local Patch here. If you have an iPhone, click here to get the free Patch iPhone app; download the free Patch Android app here.)

Here's the full message posted on the MyFitnessPal home page:

To the MyFitnessPal Community:
We are writing to notify you about an issue that may involve your MyFitnessPal account information. We understand that you value your privacy and we take the protection of your information seriously.

What Happened?

On March 25, 2018, we became aware that during February of this year an unauthorized party acquired data associated with MyFitnessPal user accounts.

What Information Was Involved?

The affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords.

What We Are Doing

Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities.

We are taking steps to protect our community, including the following:

• We are notifying MyFitnessPal users to provide information on how they can protect their data.
• We will be requiring MyFitnessPal users to change their passwords and urge users to do so immediately.
• We continue to monitor for suspicious activity and to coordinate with law enforcement authorities.
• We continue to make enhancements to our systems to detect and prevent unauthorized access to user information.

What You Can Do

We take our obligation to safeguard your personal data very seriously and are alerting you about this issue so you can take steps to help protect your information. We recommend you:

• Change your password for any other account on which you used the same or similar information used for your MyFitnessPal account.
• Review your accounts for suspicious activity.
• Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.
• Avoid clicking on links or downloading attachments from suspicious emails.

For More Information

For more information, please go to https://content.myfitnesspal.com/security-information/FAQ.html.
Sincerely,
Paul Fipps
Chief Digital Officer

Image via Shutterstock