BuzzFeed News

Reporting To You

150 Million Users Of The MyFitnessPal App Had Their Data Stolen By A Third Party

Under Armour, the owner of the food and nutrition app and website, recently learned that an unauthorized party acquired users' usernames, email addresses, and passwords.

Last updated on March 29, 2018, at 8:49 p.m. ET

Posted on March 29, 2018, at 5:00 p.m. ET

About 150 million users of the MyFitnessPal food and nutrition app had their usernames, email addresses, and hashed passwords stolen in a data security breach, its owner, Under Armour, said Thursday.

Under Armour said in a statement that it was notifying users of the application about the breach.Founded in 2005, MyFitnessPal allows users to track their diet and exercise to determine how many calories they need to eat to meet weight loss goals. The app currently has about 225 million users, according to an Under Armour spokesperson.The company said it became aware of the breach on March 25, and that the affected data did not include government-issued identifiers, such as Social Security numbers and driver's license numbers. Payment card data was also not affected.No health information, such as users' weight and what they ate, was breached either, according to a person familiar with the matter who declined to be identified.The passwords that were acquired were hashed versions of users' original passwords. Hashing transforms a password into another string of characters to make it more secure.Hashed passwords, however, are still valuable information for hackers, according to Northeastern University Professor Engin Kirda."Having the hashes means that attackers can launch offline brute-force guessing attacks against these passwords and potentially crack many of them as users are often notoriously bad in choosing good passwords," Kirda said in a statement to BuzzFeed News.As a result of the data breach, the company is urging users to change their passwords and be cautious of any suspicious emails or activity.
MyFitnessPal.com

Under Armour said in a statement that it was notifying users of the application about the breach.

Founded in 2005, MyFitnessPal allows users to track their diet and exercise to determine how many calories they need to eat to meet weight loss goals. The app currently has about 225 million users, according to an Under Armour spokesperson.

The company said it became aware of the breach on March 25, and that the affected data did not include government-issued identifiers, such as Social Security numbers and driver's license numbers. Payment card data was also not affected.

No health information, such as users' weight and what they ate, was breached either, according to a person familiar with the matter who declined to be identified.

The passwords that were acquired were hashed versions of users' original passwords. Hashing transforms a password into another string of characters to make it more secure.

Hashed passwords, however, are still valuable information for hackers, according to Northeastern University Professor Engin Kirda.

"Having the hashes means that attackers can launch offline brute-force guessing attacks against these passwords and potentially crack many of them as users are often notoriously bad in choosing good passwords," Kirda said in a statement to BuzzFeed News.

As a result of the data breach, the company is urging users to change their passwords and be cautious of any suspicious emails or activity.

Blake Montgomery contributed additional reporting to this story.

Support our journalism

Help BuzzFeed News reporters expose injustices and keep quality news free.

Contribute
ADVERTISEMENT