Under Armour, Inc. has announced that data from some 150 million of the the company's food and nutrition application and website MyFitnessPal diet and fitness app accounts were compromised in February, in one of the biggest hacks in history, sending shares of the athletic apparel maker down 3 percent in after-hours trade.
“On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018,” the company said in a statement. “The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident.”
According to Under Armour, the stolen data does not include government-issued identifiers (such as Social Security numbers and driver's license numbers), but includes usernames, email addresses, and hashed passwords – the majority with the hashing function called bcrypt used to secure passwords. Under Armour says it is working with leading data security firms to assist in its investigation, and also coordinating with law enforcement authorities. However, the company failed to disclose how the hackers got into its network.
The Baltimore, Maryland-based company said it began notifying MyFitnessPal community via email and through in-app messaging, four days after learning of the issue. The notice contained recommendations for MyFitnessPal users regarding account security steps the users would have to take to help protect their personal data. The footwear manufacturer also suggested that the app users would have to change their passwords “immediately” for security reasons.