Another day, another data breach, or at least that’s the way it seems. Under Armour, the owner of MyFitnessPal has today begun contacting MyFitnessPal users advising that their data had been compromised back in February.
Contact is being made through both an email to the accounts affected as well as through a notification in the app, advising the extent of the breach which affects 150 million users and included account information such as user names, email addresses and hashed passwords. Under Armour has advised that the payment card data associated with accounts was not affected because it is collected and processed separately. The passwords associated with the accounts were not stored in plain text, instead they were hashed with bcrypt.
Under Armour, along with leading data security firms is looking into the source of the breach, but has also notified law enforcement who are investigating, but at this stage they are unaware of the identity of the unauthorized party behind the breach. They have not provided any details on how the breach was perpetrated.
At this stage, Under Armour is notifying users of the breach, and will be requiring MyFitnessPal users to change their passwords, they will also be monitoring for suspicious activity on affected accounts and will be making ‘enhancements to our systems to detect and prevent unauthorized access to user information’.
At this time, if you have a MyFitnessPal account, check the app and your email for the notification of the breach. We recommend logging into your account to change the password, but use a password manager such as KeePass or LastPass to generate a new password. To change your password, you’ll need to login to your account at www.myfitnesspal.com, then click the “My Home” tab, then go to “Settings,” then “Change Password.”