Fresh details have surfaced regarding the February 2018 data breach that affected 150 million users of the MyFitnessPal app, a service run by health and fitness company Under Armour.
The breach notification submitted by the company to the Australian Government has been made public due to the country’s Freedom of Information Act. From the document, “the company believes approximately 3,977,385 Australian user accounts were affected by the issue”.
The user data that was potentially accessed by the attacker includes usernames, email addresses and hashed passwords – which are theoretically secure but can occasionally be cracked if a hacker finds a vulnerability.
In fact, Under Armour revealed that a portion of its MyFitnessPal accounts had their passwords hashed using a notoriously insecure method known as SHA-1, which already possesses known weaknesses, although the number of these accounts wasn’t disclosed.
Under Armour claims that it had sent all affected users notices on March 29, so check your email if you’re not sure whether or not you’re one of the four million affected accounts.
Naturally, if you are one of these individuals and haven’t already done so, we recommend changing your password for any login that's associated with the same email address used for your MyFitnessPal account.