MyFitnessPal suffers data breach as 150m users' details stolen by hackers

Logins, encrypted passwords and email addresses taken as owner Under Armour moves to reassure customers

Joe Sommerlad
Friday 30 March 2018 08:50 BST
(Getty Images/Vetta
(Getty Images/Vetta

Popular smartphone workout app MyFitnessPal has revealed it suffered a massive data breach last month after being targeted by hackers.

The user names, encrypted passwords and email addresses of at least 150m subscribers to the app, owned by US firm Under Armour, were stolen in February, the company said in a statement.

Under Armour only discovered the breach this week and quickly moved to reassure customers, announcing that it was investigating the incident.

"On 25 March 2018, we became aware that during February of this year an unauthorised party acquired data associated with MyFitnessPal user accounts," chief digital officer Paul Fipps wrote in an email to customers.

"The affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords.

"Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are co-ordinating with law enforcement authorities."

No credit card details or financial data were taken, however, and the company has been applauded for its quick response by security experts.

MyFitnessPal tracks subscribers' calorie counts and gym routines - leaving many understandably anxious that their highly personal information could be made available online.

Under Armour bought MyFitnessPal in 2015 for $475m (£338m) and has since more than doubled its subscriber-base from 80m.

Shares in the company fell by four per cent after it made news of the breach public.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in