Breach, Threat Management, Data Security

Under Armour: unauthorized third party accessed 150 million MyFitnessPal accounts

Under Armour notified MyFitnessPal users that an unauthorized third party accessed usernames, email addresses and hashed passwords in about 150 million accounts in late February, 

The hashed passwords affected were in large part ones “with the hashtag function called bcrypt used to secure passwords,” the company said in an alert. 

“The affected data did not include government-issued identifiers (such as Social Security numbers and driver's license numbers), which the company does not collect from users,” the statement noted. Likewise, payment card data wasn't affected since the company collects and processes that separately. 

“The re-use of passwords in situations like this may seem like short lapse in judgment, but this data that aligns names and email addresses with passwords is a potential disaster for anyone who reuses their passwords across multiple sites and accounts,” said Lisa Baergen, marketing director of NuData Security, a MasterCard company.

She said “anyone who thinks they may have reused their MyFitnessPal password on other sites needs to change each account password and track all account activity carefully.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.