Data Breach Exposes 150 Million MyFitnessPal Accounts

Under Armour, which owns the MyFitnessPal application announced that an estimated 150 million user accounts had been exposed in a data breach. The account information that was exposed included usernames, emails, and hashed passwords; it's not clear if food logs or other content was also taken.

MyFitnessPal Accounts Exposed

MyFitnessPal is an exercise and calorie-tracking application used by millions of people. The application and its company were purchased by Under Armour, a sportswear brand, in 2015.

Under Armour said that it was made aware of the data breach on March 25, 2018. However, the attacker who took the accounts seem to have gotten into the network a month earlier, in February.

The company said that it has alerted authorities and that leading data security firms will also assist in the investigation. Under Armour will also take the following steps:

We are notifying MyFitnessPal users to provide information on how they can protect their data.We will be requiring MyFitnessPal users to change their passwords and urge users to do so immediately.We continue to monitor for suspicious activity and to coordinate with law enforcement authorities.We continue to make enhancements to our systems to detect and prevent unauthorized access to user information.

What Users Can Do

If you’re a MyFitnessPal user, then you should also take some extra steps to protect your account. The passwords seem to have been encrypted and hashed, so the hackers won't automatically be able to use them. However, unless your passwords were also long and complicated phrases, then they will still be vulnerable to brute-force attacks. Therefore, Under Armour recommended to change your password not just for the MyFitnessPal account, but also for other accounts, if you used the same one.

The company also advised reviewing your account for suspicious activity and being careful about new emails that attempt to get you to click links or open files. Because the emails were exposed in the data breach, that means the attackers will now be able to use them in spam and phishing campaigns.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • velocityg4
    The data they store is pretty minor compared to some of the breaches of major health care networks. Since those stored name, address, phone number, date of birth, social security number and drivers license number. Nor as bad as the Equifax data breach. Given all those breaches. Odds are your information is already out there.

    The Myfitnesspal breach is pretty minor. Usernames, passwords and e-mail addresses. Unfortunately most people will use the same password for their e-mail and every other online account.
  • irfbhatt
    One password for everything, eternal practice.