Skip To Content
BuzzFeed News Home Reporting To You

Utilizamos cookies, próprios e de terceiros, que o reconhecem e identificam como um usuário único, para garantir a melhor experiência de navegação, personalizar conteúdo e anúncios, e melhorar o desempenho do nosso site e serviços. Esses Cookies nos permitem coletar alguns dados pessoais sobre você, como sua ID exclusiva atribuída ao seu dispositivo, endereço de IP, tipo de dispositivo e navegador, conteúdos visualizados ou outras ações realizadas usando nossos serviços, país e idioma selecionados, entre outros. Para saber mais sobre nossa política de cookies, acesse link.

Caso não concorde com o uso cookies dessa forma, você deverá ajustar as configurações de seu navegador ou deixar de acessar o nosso site e serviços. Ao continuar com a navegação em nosso site, você aceita o uso de cookies.

150 Million Users Of The MyFitnessPal App Had Their Data Stolen By A Third Party

Under Armour, the owner of the food and nutrition app and website, recently learned that an unauthorized party acquired users' usernames, email addresses, and passwords.

Last updated on March 29, 2018, at 8:49 p.m. ET

Posted on March 29, 2018, at 5:00 p.m. ET

About 150 million users of the MyFitnessPal food and nutrition app had their usernames, email addresses, and hashed passwords stolen in a data security breach, its owner, Under Armour, said Thursday.

Under Armour said in a statement that it was notifying users of the application about the breach.

Founded in 2005, MyFitnessPal allows users to track their diet and exercise to determine how many calories they need to eat to meet weight loss goals. The app currently has about 225 million users, according to an Under Armour spokesperson.

The company said it became aware of the breach on March 25, and that the affected data did not include government-issued identifiers, such as Social Security numbers and driver's license numbers. Payment card data was also not affected.

No health information, such as users' weight and what they ate, was breached either, according to a person familiar with the matter who declined to be identified.

The passwords that were acquired were hashed versions of users' original passwords. Hashing transforms a password into another string of characters to make it more secure.

Hashed passwords, however, are still valuable information for hackers, according to Northeastern University Professor Engin Kirda.

"Having the hashes means that attackers can launch offline brute-force guessing attacks against these passwords and potentially crack many of them as users are often notoriously bad in choosing good passwords," Kirda said in a statement to BuzzFeed News.

As a result of the data breach, the company is urging users to change their passwords and be cautious of any suspicious emails or activity.

Blake Montgomery contributed additional reporting to this story.

A BuzzFeed News investigation, in partnership with the International Consortium of Investigative Journalists, based on thousands of documents the government didn't want you to see.