Under Armour has become embroiled in controversy after it revealed that its popular diet tracker app MyFitnessPal had gotten hacked last month. Over 150 million users have been compromised, making it one of the largest data breaches ever.
Details about who or which group did the hacking are scarce at the moment, but Under Armour did confirm that it occurred in late February 2018. MyFitnessPal apparently became aware of the issue on March 25. After determining the nature and scope of the problem, it began telling its community about this invasion of their privacy 4 days later.
MyFitnessPal is currently telling its users about the problem via email and in-app messages. All members will have to change their passwords, whether they were affected by the leak or not. The app’s also recommending steps they can take to further safeguard their information.
As for what got leaked, Under Armour says that usernames, emails, and hashed passwords were stolen. The passcodes were encrypted using the hashing function bcrypt, so the attackers shouldn’t be able to read them. No driver’s license number or Social Security numbers were given away, since MyFitnessPal doesn’t collect that kind of information anyway.
Under Armour is also reassuring individuals that no payment card data was stolen since it’s collected and processed separately. The firm’s currently working with data security firms and law enforcement authorities to assist in the investigation.
It might be a good idea to change the password for other services if you were using the same key for multiple apps and websites. This is a common way for hackers to access your other accounts, as seen in 2016 when Mark Zuckerberg’s social media accounts were breached.