Huge data breach. Personal details of 150 million MyFitnessPal app users stolen by hackers
One of the largest ever data breach has been confirmed by US sportswear brand Under Armour.
Under Armour owns MyFitnessPal, and it has confirmed that the MyFitnessPal app has been compromised, leading to the theft of the personal details of about 150 million users.
This makes it one of the largest data breaches so far in 2018, but it is still some short of the 3 billion Yahoo accounts compromised in 2013, or the 412 million credentials of adult websites run by FriendFinder Networks in 2016.
Under Armour confirmed the breach in a notification to its users.
Under Armour bought MyFitnessPal in 2015 for $475m, after it was founded in 2005 by brothers Mike and Albert Lee.
Essentially, the app allows customers to monitor their calorie intake and measure it against the amount of exercise they are doing using a database of more than 2 million foods.
Under Armour confirmed that user names, email addresses and hashed passwords were among the stolen data.
The good news is that payment card data was not affected. Neither was social security numbers and driver’s license numbers, but customers are being urged to change their passwords immediately.
“On March 25, the MyFitnessPal team became aware that an unauthorised party acquired data associated with MyFitnessPal user accounts in late February 2018,” it said. “The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident.”
The firm said it was working with “leading data security firms to assist in its investigation, and also coordinating with law enforcement authorities.”
“The company’s investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue,” it said. “Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging.”
The firm did not not provide details on how the hackers got into its network or pulled out the data without getting caught.
Hackers gaining to data such as this is still a valuable exercise for them, because despite the fact that they were unable to obtain financial data, stolen email addresses can be exploited by phishing scams etc.
And data breaches are unfortunately a growing problem in our increasingly online world.
Earlier this month it emerged that Gwent police was being investigated after hundreds of confidential reports from members of the public may have been exposed to criminals over two-year period.
And in December last year Nissan Canada Finance (NCF) admitted that the personal details of approximately 1.13 million customers were impacted by a data breach.
How much do you know about privacy? Try our quiz!