Under Armour MyFitnessPal App Breach Exposes Data On 150 Million Users

Under Armor is a big name in the athletic clothing world. In addition to clothing, the company also has an app that is meant to allow people to track their food intake and nutrition to help get fit (and stay) fit. The app is very popular with users on iOS and Android, but it has suffered a major data breach. Under Armour has notified users that the MyFitnessPal app team became aware that an unauthorized third party had acquired data associated with user accounts for the app and website.


That unauthorized access happened in late February 2018 and Under Armor states "The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident." It says that it is working with leading data security firms to assist in its investigation and is coordinating with law enforcement.


Under Armour wrote, "The investigation indicates that the affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords." Under Armor notes that all information stolen in the hack that wasn't protected via bcrypt was protected using SHA-1 160-bit hashing function.

Under Armour is also clear that payment data wasn't accessed in the hack. It wrote, "Payment card data was also not affected because it is collected and processed separately."

The investigation is ongoing, but the breach appears to affect about 150 million users. Notifications began four days after Under Armour learned of the breach via email and in-app messaging. The notices included details on what users of the app could do to protect their accounts and a digital version of the notification can be seen here. Users are required to change their passwords and the company is urging users to do so immediately. A FAQ page set up by MyFitnessPal with further information can be viewed here.