Athletic-apparel maker Under Armour announced late Thursday (March 29) that its MyFitness Pal smartphone app had suffered a data breach affecting 150 million user accounts.
Compromised personal information included usernames, email addresses and "hashed" passwords that were passed through a one-way encryption function.
What to Do Now
If you have, or ever had, a MyFitness Pal account (the app works in conjunction with Garmin, Fitbit and many other kinds of wearable devices), go to the MyFitness Pal website (opens in new tab) and change your password immediately, and change it on any other account where you used that password. Under Armour will be forcing all users to change their passwords anyway.
MORE: What to Do After a Data Breach
The good news is that a "majority" of the passwords were hashed with the very strong bcrypt function, which is virtually impossible to crack if it is properly implemented. The bad news is that the rest were hashed with the SHA-1 function, which hasn't been considered safe to use since 2005.
Under Armour also warned users to watch out for phishing emails pretending to come from Under Armour or MyFitness Pal, and noted that none of the legitimate emails will request data, have attachments or have any links other than to the FAQ.
How Did This Happen?
"On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018," an Under Armour press release said. "The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident."
No financial information, such as credit-card numbers, was included in the compromised information, and nor were Social Security numbers or drivers'-license numbers.
Under Armour will be directly notifying all MyFitness Pal users, a FAQ posted online (opens in new tab) stated.
Best Identity Protection Services
Get it. IdentityForce UltraSecure+Credit is the best overall service for both credit monitoring and identity protection. It also protects your account with two-factor authentication.
It's worth it. Get LifeLock Ultimate Plus if you're very worried about having your identity stolen and you also need antivirus software. But you can get better credit monitoring for less with IdentityForce UltraSecure+Credit.
Good, but not the best. Identity Guard isn't bad, but for about the same price, IdentityForce UltraSecure+Credit offers more comprehensive personal-data and credit-file monitoring.