Under Armour data breach affects 150 million MyFitnessPal users

Usernames, email addresses and passwords were exposed.

Under Armour just disclosed that 150 million MyFitnessPal accounts were affected by a security breach. The company became aware of it on March 25th, and deduced that unauthorized parties had access to the accounts since late February 2018 -- but only users' usernames, email addresses, and hashed passwords were exposed.

Government-issued identification like driver's licenses or social security numbers weren't included since the company doesn't collect that information. Under Armour also stated that payment data (including credit cards) weren't exposed because that is collected and processed separately.

Today, four days after discovering the breach, the company told MyFitnessPal users through email and app notifications, recommending ways to safeguard their account and information as well as requiring them to change passwords. Under Armour announced it had acquired MyFitnessPal in early 2015 for $475 million. We've reached out to Under Armour for comment and to determine whether the breach extends to data for the company's other apps like MapMyRun.

Update: A source familiar with the matter has told Engadget that, based on the investigation thus far, the breach did not affect users on Under Armour's other fitness apps, including Map My Run, Map My Fitness, Record or the company's namesake application. Although the investigation is still ongoing, our source claims the breach appears to have only affected MyFitnessPal and not any data beyond that.