Personal details of about 150 million users of the MyFitnessPal app have been compromised in what is one of the biggest hacks in recent times.

The parent company of MyFitnessPal, US sportswear brand Under Armour, said user names, email addresses and scrambled passwords were among the stolen data. It added that payment card data was not affected.

The app allows customers to monitor calorie intake and measure it against the amount of exercise they are doing using a database of more than two million foods.

The hack happened in February though Under Armour says it didn’t become aware of the data loss until 25th March.

While the password information was hashed to protect it, knowledgeable hackers can unscramble it, hence the need to change passwords as soon as possible.

Under Armour said it was working with data security firms and law enforcement, but did not provide details on how the hackers got into its network and got away with the information.


The company issued the following advice for users whose data has been compromised:
  • Change your password for any other account on which you used the same or similar information used for you MyFitnessPal account
  • Review your [email] accounts for suspicious activity
  • Be cautious of any unsolicited communications that ask for your personal data or refer you to a webpage asking for personal data.
  • Avoid clicking on links or downloading attachments from suspicious emails

BullGuard protects your devices from malware, spies and hackers


Watch out for phishing emails

While the breach did not include financial data, large caches of stolen email addresses are valuable to cyber criminals as a launch pad for further cyber-crime.

Without stating it explicitly Under Armour’s advice is a warning that users who have lost data may well be the target of large scale phishing campaigns designed to steal personal financial and banking information.

It’s worth keeping in mind that these phishing campaigns may not appear immediately and they could also be ongoing. BullGuard protection safeguards you against phishing campaigns and malicious links.