Data Breach Friday: 150 million usernames, emails, and passwords have been compromised in a hack of the MyFitnessPal app. If users reused their password anywhere else, those accounts are compromised as well if multi-factor authentication isn't enabled!
Under Armour revealed on Thursday after the markets closed that its MyFitnessPal app has been hacked.
The fitness apparel company learned that data on 150 million accounts for the site and app were breached earlier this week, a statement said.
"The investigation indicates that the affected information included usernames, email addresses, and hashed passwords--the majority with the hashing function called bcrypt used to secure passwords," said the statement, referring to the use of a stronger password hashing algorithm.
The company said payment card data was not affected. Under Armour is currently notifying MyFitnessPal users about the breach via email and in-app messaging, and it's requiring all app users to change their passwords.
Later in the day, the California attorney general released the company's data breach notification, per the state's law--a mirror statement of what the company posted on its website.
Under Armour, thanks to its acquisitions of several fitness app firms including MyFitnessPal, has amassed massive amounts of data on both professional athletes and fitness enthusiasts. The company has even claimed to have the largest database of athlete behavior, including stats on workouts, nutrition, and sleep patterns. Under Armour has said that it uses this trove of data to make its gear smarter.
The data has helped Under Armour morph from an apparel maker into an athletic performance and technology company, rivaling Nike for the same target demographic.
Under Armour's connected fitness platforms includes UA Record, MapMyFitness, Endomondo, and MyFitnessPal, and all of those platforms have been unified to run on Amazon Web Services.
This article was originally published by ZDNet on March 29, 2018 at http://www.zdnet.com/article/under-armour-reports-150-million-myfitnesspal-accounts-hacked/.