Hackers steal data as 150 million MyFitnessPal accounts breached
More than 150 million user accounts of popular diet and fitness application MyFitnessPal have been hacked.
UK users received official notification of the major security breach via an urgent warning issued this morning.
The application is run by American sports and fitness apparel manufacturer Under Armour.
Shares in Under Armour plunged 3.8 per cent on the back of the announcement.
The investigation indicates affected information may include usernames, email addresses and hashed passwords.
Payment information, which Under Armour collects and processes separately, has not been affected by the breach.
Under Armour does not collect government identifiers like driver’s license numbers.
The company first became aware of a potential breach on 25 March when they discovered an unauthorised party had accessed MyFitnessPal user data in February.
Under Armour said it had taken steps to notify affected users and was now working with data security firms and law enforcement to assist in its investigation.
Scottish tennis champion Andy Murray counts Under Armour as his major sponsor, having signed a four-year kit deal with the US-based sportswear company worth about £15 million back in 2014.
Paul Fipps – the chief digital officer for the MyFitnessPal app – said in a statement: “We understand that you value your privacy and we take the protection of your information seriously.
“On 25 March 2018, we became aware that during February of this year an unauthorised party acquired data associated with MyFitnessPal user accounts.
“The affected information included usernames, email addresses and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords.
“Once we became aware, we quickly took steps to determine the nature and scope of the issue.
“We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities.”
Mr Fipps added: “We are taking steps to protect our community, including the following: We are notifying MyFitnessPal users to provide information on how they can protect their data; we will be requiring MyFitnessPal users to change their passwords and urge users to do so immediately; we continue to monitor for suspicious activity and to coordinate with law enforcement authorities.”
Application users have been urged to change their passwords on all MyFitnessPal accounts and to review their accounts for suspicious activity.
People have also been advised to avoid clicking on links or downloading attachments from suspicious emails.