MyFitnessPal Confirms Hackers Stole 150m User Details

One of the largest ever data breach has been confirmed by US sportswear brand Under Armour.

Under Armour owns MyFitnessPal, and it has confirmed that the MyFitnessPal app has been compromised, leading to the theft of the personal details of about 150 million users.

This makes it one of the largest data breaches so far in 2018, but it is still some short of the 3 billion Yahoo accounts compromised in 2013, or the 412 million credentials of adult websites run by FriendFinder Networks in 2016.

Data Breach

Under Armour confirmed the breach in a notification to its users.

Under Armour bought MyFitnessPal in 2015 for $475m, after it was founded in 2005 by brothers Mike and Albert Lee.

Essentially, the app allows customers to monitor their calorie intake and measure it against the amount of exercise they are doing using a database of more than 2 million foods.

Under Armour confirmed that user names, email addresses and hashed passwords were among the stolen data.

The good news is that payment card data was not affected. Neither was social security numbers and driver’s license numbers, but customers are being urged to change their passwords immediately.

“On March 25, the MyFitnessPal team became aware that an unauthorised party acquired data associated with MyFitnessPal user accounts in late February 2018,” it said. “The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident.”

The firm said it was working with “leading data security firms to assist in its investigation, and also coordinating with law enforcement authorities.”

“The company’s investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue,” it said. “Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging.”

The firm did not not provide details on how the hackers got into its network or pulled out the data without getting caught.

Valuable data

Hackers gaining to data such as this is still a valuable exercise for them, because despite the fact that they were unable to obtain financial data, stolen email addresses can be exploited by phishing scams etc.

And data breaches are unfortunately a growing problem in our increasingly online world.

Earlier this month it emerged that Gwent police was being investigated after hundreds of confidential reports from members of the public may have been exposed to criminals over two-year period.

And in December last year Nissan Canada Finance (NCF) admitted that the personal details of approximately 1.13 million customers were impacted by a data breach.

How much do you know about privacy? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

3 days ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

3 days ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

3 days ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

3 days ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

3 days ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

3 days ago