You are using an older browser version. Please use a supported version for the best MSN experience.

Millions of MyFitnessPal accounts hacked, Under Armour says

CNET logo CNET 3/30/2018 Rochelle Garner
a drawing of a face: myfitnesspal-windows-phone.png © Provided by CNET myfitnesspal-windows-phone.png

Under Armour on Thursday said an "unauthorized party" had grabbed information including usernames, email addresses and hashed passwords, from about 150 million MyFitnessPal accounts. 

The company said it began sending emails and in-app messages to the mobile app's users on Thursday, four days after discovering the breach, which it said occurred in late February.

"The affected data did not include government-issued identifiers (such as Social Security numbers and driver's license numbers), which the company does not collect from users," Under Armour said in a statement. "Payment card data was also not affected because it is collected and processed separately."

All MyFitnessPal users will have to change their passwords, the company said. Hashed passwords have been converted to a string of numbers and letters that aren't designed to be reversed. But users with easy-to-guess passwords could still be vulnerable, as these are easier to crack when hashed. What's more, mathematicians and hackers have broken hashes in the past.

MyFitnessPal is among the more popular apps used to track diet and exercise for fitness and weight goals. 

Under Armour said it's working with "leading data security firms" and "coordinating with law enforcement authorities." 

More information about the breach can be found here

CNET's Laura Hautala contributed to this report.

Crowd Control: A crowdsourced science fiction novel written by CNET readers.

Solving for XX: The tech industry seeks to overcome outdated ideas about "women in tech."

a close up of a logo © Provided by CNET

More from CNET

image beaconimage beaconimage beacon