Under Armour’s MyFitnessPal has just reported a data breach where usernames, email addresses, and password data from 150 million users were exposed. Fortunately, no customer e-commerce details were exposed and a mandatory password change will occur to protect customer accounts. 



The MyFitnessPal service from Under Armour has suffered a data breach that affects about 150 million users.  The breach occurred in late February and involved an “unauthorized party” accessing usernames, email addresses and password data, Under Armour said on Friday.

Fortunately, the exposed passwords were scrambled with the bcrypt hashing algorithm, which will make them tough to crack. “Payment card data was also not affected because it is collected and processed separately,” the company said.

As precaution, Under Armour is advising MyFitnessPal users to change their passwords for any other internet accounts that used the same login credentials. The usernames and email addresses exposed in the data breach were scrambled with an older hashing algorithm called SHA-1, making them easier to decipher.

“Review your accounts for suspicious activity,” the company said in a FAQ about the breach. “Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.”