Data belonging to about 150 million users of MyFitnessPal, a food and nutrition app and website which is owned by athletic apparel and shoe maker Under Armour, has been stolen, the company said on Thursday.
There was no immediate word on how the data breach occurred, but Under Armour said in a statement that it became aware on Sunday that an “unauthorized party” had acquired data associated with MyFitnessPal user accounts in late February.
“Under Armour is working with leading data security firms to assist in its investigation, and also coordinating with law enforcement authorities,” the company said. “The company’s investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue.”
The affected information includes usernames, email addresses, and hashed passwords – the majority of which were secured with bcrypt to prevent them from being used. The data does not include social security numbers, which the company does not collect, or payment card data.
MyFitnessPal will require users to choose a new password and users are urged to do the same at other websites where they used the same or similar information. Users should also be cautious of suspicious emails, the company warned.
With at least 150 million users affected, it is one of the largest cyber security breaches ever reported. Only two other data breaches are known to have affected a larger number of people: one at Adult Friend Finder and one at Yahoo.