Popular Under Armour-owned workout and health app MyFitnessPal has been breached, and data has been compromised from about 150 million accounts.
MyFitnessPal issued its own notice of data breach, saying that “the affected information included usernames, email addresses, and hashed passwords — the majority with the hashing function called bcrypt used to secure passwords.”
Breach notices often only point out that some information was left unsecured, while noting that someone might have acquired information. But this case appears to be more definitive, as MyFitnessPal says that “an unauthorized party acquired data.”
MyFitnessPal urges users to change their passwords as soon as possible. There were no further details reported about how the breach occurred, and the breach is still under investigation.
The notice didn’t include any information about how many users were affected — that “150 million accounts” number comes from a Reuters report. Based on the number of records compromised, this is the largest breach of the year, as noted by SecurityScorecard.
[Check out our article Stay Aware: Security Risks In Fitness Apps.]
This isn’t the first high-profile privacy issue to befall a fitness app this year. In January, Strava drew criticism for its Global Heatmap, which revealed detailed locations of military bases around the world. It was also revealed that Strava’s anonymous data could be “de-anonymized.”
More On MyFitnessPal
MyFitnessPal is an extremely popular app, ranked second overall in the Health & Fitness section in Apple’s App Store. The developer claims it’s “the world’s most popular health and fitness app.” Highly regarded, it has a current rating of 4.7 stars.
The MyFitnessPal app works as a calorie counter and diet tracker. It also allows users to connect other apps and devices to sync workouts, and it tracks steps, logs workout information, and more. There’s also a premium version of the app that costs $10/month or $50/year.