MyFitnessPal Confirms Hackers Stole 150m User Details

One of the largest ever data breach has been confirmed by US sportswear brand Under Armour.

Under Armour owns MyFitnessPal, and it has confirmed that the MyFitnessPal app has been compromised, leading to the theft of the personal details of about 150 million users.

This makes it one of the largest data breaches so far in 2018, but it is still some short of the 3 billion Yahoo accounts compromised in 2013, or the 412 million credentials of adult websites run by FriendFinder Networks in 2016.

Data Breach

Under Armour confirmed the breach in a notification to its users.

Under Armour bought MyFitnessPal in 2015 for $475m, after it was founded in 2005 by brothers Mike and Albert Lee.

Essentially, the app allows customers to monitor their calorie intake and measure it against the amount of exercise they are doing using a database of more than 2 million foods.

Under Armour confirmed that user names, email addresses and hashed passwords were among the stolen data.

The good news is that payment card data was not affected. Neither was social security numbers and driver’s license numbers, but customers are being urged to change their passwords immediately.

“On March 25, the MyFitnessPal team became aware that an unauthorised party acquired data associated with MyFitnessPal user accounts in late February 2018,” it said. “The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident.”

The firm said it was working with “leading data security firms to assist in its investigation, and also coordinating with law enforcement authorities.”

“The company’s investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue,” it said. “Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging.”

The firm did not not provide details on how the hackers got into its network or pulled out the data without getting caught.

Valuable data

Hackers gaining to data such as this is still a valuable exercise for them, because despite the fact that they were unable to obtain financial data, stolen email addresses can be exploited by phishing scams etc.

And data breaches are unfortunately a growing problem in our increasingly online world.

Earlier this month it emerged that Gwent police was being investigated after hundreds of confidential reports from members of the public may have been exposed to criminals over two-year period.

And in December last year Nissan Canada Finance (NCF) admitted that the personal details of approximately 1.13 million customers were impacted by a data breach.

How much do you know about privacy? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

6 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

8 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

9 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

10 hours ago