Sportswear brand Under Armour announced today that its subsidiary MyFitnessPal was affected in a significant data beach, compromising as many as 150 million accounts.
Account information involved in the breach includes user names, email addresses, and hashed passwords, but no financial information like credit card numbers or government or identifiers like social security numbers.
Under Armour acquired MyFitnessPal, a website and mobile app for tracking diet and exercise activity, in 2015 for $475 million, when MyFitnessPal had 80 million users.
The service has since more than doubled in size thanks in part to the company’s largely agnostic approach to apps and fitness trackers, nearly all of which can be plugged into MyFitnessPal for tracking calories and exercise-related activity.
While the breach has not exposed particularly sensitive user data, it is a significant number of users and the situation will necessarily affect Under Armour’s stock, with shares dropping almost 4 percent in after-hours trading. Under Armour says it was made aware last week of the breach, which occurred some time in February.
The company has been working to notify affected users and is expected to work with the police and data security firms to try and trace the source of the breach.
“Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging. The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information,” Under Armour said in a statement.
“The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.”