The MyFitnessPal service from Under Armour has suffered a data breach that affects about 150 million users.
The breach occurred in late February and involved an “unauthorized party” accessing usernames, email addresses and password data, Under Armour said on March 30.
Fortunately, the exposed passwords were scrambled with the bcrypt hashing algorithm, which will make them tough to crack. “Payment card data was also not affected because it is collected and processed separately,” the company said.
As precaution, Under Armour is advising MyFitnessPal users to change their passwords for any other internet accounts that used the same login credentials. The usernames and email addresses exposed in the data breach were scrambled with an older hashing algorithm called SHA-1, which can be easier to crack.
“Review your accounts for suspicious activity,” the company said in a FAQ about the breach. “Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.”
Under Armour first learned of the incident on March 25, which triggered a full investigation. The company has been alerting the MyFitnessPal community about the breach through email and in-app messaging.
Who was behind the hack isn’t known, but the company’s investigation remains ongoing and law enforcement is now involved. To keep users safe, the MyFitnessPal service is issuing password resets for all users.
MyFitnessPal works over a website and mobile app and the service is designed to help you lose weight. It features a calorie counter for over 5 million foods. In 2015, Under Armor bought the platform for $475 million.
