- Under Armour’s health and fitness tracking app has been hit by a data breach.
- Roughly 150 million MyFitnessPal have been impacted by the breach.
- An “unauthorized party” gained information such as usernames and email addresses — but not payment information.
Roughly 150 million people who are MyFitnessPal users were impacted by a breach, which Under Armour discovered earlier this week. An “unauthorized party” acquired data about MyFitnessPal users in late February 2018, Under Armour announced on Thursday.
“Under Armour is working with leading data security firms to assist in its investigation, and also coordinating with law enforcement authorities,” the company said in a statement. “The investigation indicates that the affected information included usernames, email addresses, and hashed passwords — the majority with the hashing function called bcrypt used to secure passwords.”
The unauthorized party would not have been able to obtain payment information or information such as users’ Social Security numbers or driver’s license numbers in the breach, Under Armour said. The company has begun notifying users via in-app message, as well as email.
Under Armour will require MyFitnessPal users to change their password, and is “urging users to do so immediately.” The company is also urging users to review their accounts for suspicious activity, and to be cautious of any unsolicited messages, such as emails, that ask for personal data.
Under Armour acquired MyFitnessPal for $475 million in 2015.
This post originally appeared on Business Insider.