Under Armour has disclosed that 150 million MyFitnessPal diet and fitness app accounts were affected by a security breach. The number of records compromised make this the largest data breach this year and one of the top five in history.
The company said it became aware of the hack on March 25, but it believes that an unauthorized party had access to the accounts since late February. Information made vulnerable to cyber criminals in the breach includes users’ email addresses, usernames, and hashed passwords.
“The affected data did not include government-issued identifiers (such as Social Security numbers and driver's license numbers), which the company does not collect from users,” Under Armour said in a statement.
“Payment card data was also not affected because it is collected and processed separately. The company's investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue.”
Users urged to change passwords
Four days after discovering the breach, Under Armour notified MyFitnessPal users via app and email notifications. The company said users could safeguard their account and information by taking the following measures:
Change your password for any other account on which you used the same or similar information used for your MyFitnessPal account.
Review your accounts for suspicious activity.
Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.
Avoid clicking on links or downloading attachments from suspicious emails.
Under Armour said it doesn’t know the identity of the unauthorized party and is currently working with data security firms to assist in its investigation. It did not provide details on how the hackers got into its network in the first place.
“We continue to monitor for suspicious activity and to coordinate with law enforcement authorities,” Under Armour informed its customers. “We continue to make enhancements to our systems to detect and prevent unauthorized access to user information."