Digital data thefts are on the rise and sports apparel merchant Under Armour has become the latest victim of the crime. The Baltimore (USA) based company has disclosed that there was a massive data breach into its food and nutrition app and website, MyFitnessPal, system earlier this year. An unauthorized party gained access to the system and was able to acquire data of about 150 million users.
Under Armour says the security breach happened in February, however the company only noticed it on March. It launched an investigation of the issue, with assistance from data security firms and law enforcement authorities. The investigation revealed that the hacker was able to acquire the usernames and email addresses of the users. The unauthorized party also obtained passwords, most encrypted using the bcrypt hashing function, but some were NOT. The company has not disclosed the percentage of account passwords that were not encrypted and pose the greatest security threat for users. Under Armour has subsequently contacted all the affected users, urging them to change their passwords for good.
Under Armour's range of fitness apps, including MyFitnessPal, are also available for Samsung Tizen Gear devices. Therefore people using any of these apps on Samsung Gear S2, Gear S3, Gear Sport and Gear Fit2 and Fit2 Pro are also advised to take appropriate measures to ensure future safety.
The company says the hacker didn’t obtain any payment information, as it is collected and processed separately. MyFitnessPal also does not collect details about any government issued IDs. This essentially means users don't need to replace their credit card, neither should they worry about identity theft.