MyFitnessPal suffers data breach as 150m users' details stolen by hackers

Support truly
independent journalism

Support Now

Find out moreClose

Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.

Whether $5 or $50, every contribution counts.

Support us to deliver journalism without an agenda.

Louise Thomas

Editor

Popular smartphone workout app MyFitnessPal has revealed it suffered a massive data breach last month after being targeted by hackers.

The user names, encrypted passwords and email addresses of at least 150m subscribers to the app, owned by US firm Under Armour, were stolen in February, the company said in a statement.

Under Armour only discovered the breach this week and quickly moved to reassure customers, announcing that it was investigating the incident.

"On 25 March 2018, we became aware that during February of this year an unauthorised party acquired data associated with MyFitnessPal user accounts," chief digital officer Paul Fipps wrote in an email to customers.

"The affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords.

"Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are co-ordinating with law enforcement authorities."

No credit card details or financial data were taken, however, and the company has been applauded for its quick response by security experts.

MyFitnessPal tracks subscribers' calorie counts and gym routines - leaving many understandably anxious that their highly personal information could be made available online.

Under Armour bought MyFitnessPal in 2015 for $475m (£338m) and has since more than doubled its subscriber-base from 80m.

Shares in the company fell by four per cent after it made news of the breach public.