Under Armour says data breach compromised 150 million MyFitnessPal accounts

Athletic apparel brand Under Armour announced that a data breach exposed details of over 150 million MyFitnessPal users. The leaked data includes usernames, email addresses, and hashed passwords, but government-issued identifiers like social security numbers and driving licenses were not compromised as the app doesn't collect that information. Similarly, credit card numbers were not leaked.

MyFitnessPal first detected the intrusion — believed to have occurred sometime in late February — on March 25, following which it started coordinating with law enforcement authorities and data security firms to understand the scope of the attack.

From the press release

The affected data did not include government-issued identifiers (such as Social Security numbers and driver's license numbers), which the company does not collect from users. Payment card data was also not affected because it is collected and processed separately. The company's investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue.Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging. The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information. The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.

Under Armour acquired the food and nutrition app back in 2015 for $475 million, and has seen its userbase nearly double over the last three years. If you're a MyFitnessPal user, you should immediately change your password. To know more about the breach and the nature of the data compromised, head to MyFitnessPal's FAQ section detailing the breach (opens in new tab).

Harish Jonnalagadda
Senior Editor - Asia

Harish Jonnalagadda is a Senior Editor overseeing Asia at Android Central. He leads the site's coverage of Chinese phone brands, contributing to reviews, features, and buying guides. He also writes about storage servers, audio products, and the semiconductor industry. Contact him on Twitter at @chunkynerd.

  • I'm amazed that many people have a My Fitness account tbh.
  • Well 1 less today. I have decided to delete accounts from companies that do not take my security and privacy as the top priority.
  • Well then you better go live in a cave and grow your own food. And get rid of your phone. Google was pretty generous with permissions so Facebook and probably others got access to a ton of private information they didn't need. Remember the private pictures stolen from Apple's cloud? What about all the stores that got hacked? Home Depot, Target etc.? Guess you could always carry cash. But then you might get mugged. Heck even the government got hacked. Might want to go live on your own private island.