Millions of MyFitnessPal accounts hacked, Under Armour says

Under Armour learned on Sunday that information from 150 million accounts had been scooped up late last month.

Rochelle Garner Features Editor / News
Rochelle Garner is features editor for CNET News. A native of the mythical land known as Silicon Valley, she has written about the technology industry for more than 20 years. She has worked in an odd mix of publications -- from National Geographic magazine to MacWEEK and Bloomberg News.
Rochelle Garner

Under Armour on Thursday said an "unauthorized party" had grabbed information including usernames, email addresses and hashed passwords, from about 150 million MyFitnessPal accounts. 

The company said it began sending emails and in-app messages to the mobile app's users on Thursday, four days after discovering the breach, which it said occurred in late February.

"The affected data did not include government-issued identifiers (such as Social Security numbers and driver's license numbers), which the company does not collect from users," Under Armour said in a statement. "Payment card data was also not affected because it is collected and processed separately."

All MyFitnessPal users will have to change their passwords, the company said. Hashed passwords have been converted to a string of numbers and letters that aren't designed to be reversed. But users with easy-to-guess passwords could still be vulnerable, as these are easier to crack when hashed. What's more, mathematicians and hackers have broken hashes in the past.

MyFitnessPal is among the more popular apps used to track diet and exercise for fitness and weight goals. 

Under Armour said it's working with "leading data security firms" and "coordinating with law enforcement authorities." 

More information about the breach can be found here

CNET's Laura Hautala contributed to this report.

Crowd Control: A crowdsourced science fiction novel written by CNET readers.

Solving for XX: The tech industry seeks to overcome outdated ideas about "women in tech."