Sports clothing manufacturer Under Armour has revealed that its flagship app MyFitnessPal has been hacked, leaving 150 million user accounts exposed online.
The data breach was discovered last week, with Under Armour admitting it had contacted local law enforcement and sent urgent mails to users to update their account settings.
The free calorie-counting app has over 200 million downloads for iPhone from the App Store and Android from Google Play, making it one of the largest fitness apps globally.
It works by tracking calories using a database of 3 million foods, as well as monitoring fitness goals.
Just the latest hack attack
The data breach amounts to the largest ever breach of Under Armour’s systems.
And it’s only the latest in a series of mass data infringments of major US companies.
Yahoo were forced to admit last year that every single email address ever registered with the firm – some 3 billion accounts – laid bare to criminals.
1.4bn pieces of personal data including unencrypted passwords went on sale on illegal markets on the Dark Web in December.
MyFitnessPal hack not over
While credit card information was not divulged, user names, email addresses and ‘hashed’ passwords were.
Hashed passwords are more difficult for unauthorized users to guess because they convert letters into apparently random strings of numbers.
But with email accounts now effectively open for hackers to see, MyFitnessPal users are far more likely to be the victim of fraud, phishing or password scraping.
The company warned its users to watch out for any suspicious activity, avoid clicking on links or downloading attachments from suspicious emails and especially to be cautious of any unsolicited emails asking for personal data.
In a statement posted in their FAQs the company said: “We will be requiring MyFitnessPal users to change their passwords and urge users to do so immediately.
“If you are a MyFitnessPal user who created an account after November 2016, changing your MyFitnessPal password will also update the password you use for the MapMyFitness family of apps.”
How to change your password
- Login to your account at MyFitnessPal.com
- Click the My Home tab
- Click Settings
- From the following screen click Change Password.