The app, which allows users to log in their meals and count calories, is owned by fitness and athletics brand Under Armour. The company admitted recently that an unauthorized third party stole account data in late February. It became aware of the break this month and promptly took steps to alert users about the incident.
MyFitnessPal Data Breach
The stolen data doesn't include payment information or government-issued IDs. Health information, including what users weighed and ate, wasn't breached, BuzzFeed reports. However, the third party did take user names, email addresses, and passwords. The passwords were hashed versions of the original. Hashing is a process where a password is transformed into another series of characters to make it more secure. Still, hackers may still be able to find a way to convert the hashed passwords to their original versions.
The sheer number of affected users makes this break one of the most massive in the history of tech-related data thefts.
"Email addresses are valuable for spammers because the attackers would know that active, real users are behind these addresses," according to Engin Kirda, a Northeastern University professor. "The dark web is usually where data like this is sold to the highest bidder."
Founded in 2005, the app currently has 225 million users globally, said an Under Armour spokesperson. The athletics brand acquired the app in 2015 as part of a bid to become the world's largest fitness information tracker. The idea, as Bloomberg notes, was to expand upon the company's roots in athletic apparel and equipment.
What Under Armour Is Doing
The company is taking the following steps to protect MyFitnessPal accounts moving forward:
• We are notifying MyFitnessPal users to provide information on how they can protect their data.
• We will be requiring MyFitnessPal users to change their passwords and urge users to do so immediately.
• We continue to monitor for suspicious activity and to coordinate with law enforcement authorities.
• We continue to make enhancements to our systems to detect and prevent unauthorized access to user information.
The company also advises users to be extra cautious about sketchy behavior that may originate from the app, such as unsolicited offers that ask for personal data. Avoid clicking links or downloading attachments from suspicious emails, too.
MyFitnessPal also advises all accounts to change their password. To do so, visit the MyFitnessPal desktop site, navigate to the "My Home" tab, and click on "Settings." Then simply choose "Change Password."
If you're a consistent MyFitnessPal user, it might be a good idea to change your password immediately. If you have thoughts or reactions, feel free to sound them off in the comments section below!