MyFitnessPal suffers data breach as 150m users' details stolen by hackers

Logins, encrypted passwords and email addresses taken as owner Under Armour moves to reassure customers

Joe Sommerlad
Friday 30 March 2018 08:50 BST
Comments
(Getty Images/Vetta
(Getty Images/Vetta (Getty Images/Vetta)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Popular smartphone workout app MyFitnessPal has revealed it suffered a massive data breach last month after being targeted by hackers.

The user names, encrypted passwords and email addresses of at least 150m subscribers to the app, owned by US firm Under Armour, were stolen in February, the company said in a statement.

Under Armour only discovered the breach this week and quickly moved to reassure customers, announcing that it was investigating the incident.

"On 25 March 2018, we became aware that during February of this year an unauthorised party acquired data associated with MyFitnessPal user accounts," chief digital officer Paul Fipps wrote in an email to customers.

"The affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords.

"Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are co-ordinating with law enforcement authorities."

No credit card details or financial data were taken, however, and the company has been applauded for its quick response by security experts.

MyFitnessPal tracks subscribers' calorie counts and gym routines - leaving many understandably anxious that their highly personal information could be made available online.

Under Armour bought MyFitnessPal in 2015 for $475m (£338m) and has since more than doubled its subscriber-base from 80m.

Shares in the company fell by four per cent after it made news of the breach public.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in