Under Armour Reveals MyFitnessPal Data Breach Affecting 150 Million Users


Under Armour has revealed a data breach affecting 150 million MyFitnessPal users, leading to millions of stolen usernames, emails and passwords.

On Thursday, Under Armour said that an unauthorized party acquired personal data from MyFitnessPal user accounts. While the breach occurred in late February 2018, the company said it only become aware of the issue on March 25.

According to an internal investigation at Under Armour, the security issue compromised usernames, email addresses and hashed passwords. Government-issued identifiers, such as Social Security numbers and driver’s license numbers, were not affected as the company doesn’t collect that data. Payment card data also went unscathed as it is collected and processed separately.

Under Armour said it has taken taken steps to determine the nature and scope of the breach and is working with leading data security firms and law enforcement to assist in its investigation. Affected users are being notified via email and through in-app messaging, though the company is requiring all MyFitnessPal users to change their passwords immediately.

Get The Latest Sports Tech News In Your Inbox!

SportTechie Takeaway:

Under Armour has been working to position itself as a digital fitness company, with an expansive global community connected through its workout apps and new sneakers with chips that can track runs and communicate their data via Bluetooth with a runner’s mobile device. But this data breach is a setback. 

The company’s connected fitness business has been growing significantly faster than its traditional apparel and accessories businesses. In Under Armour’s most recent financial quarter, connected fitness revenue climbed 30.8 percent, while apparel, footwear and accessories revenue increased 2.5 , 9.5 , and 6.1 percent, respectively.

Sportswear companies, such as Under Armour and Nike, have been relying on their apps to engage customers beyond their physical products. Nike also has an extensive fitness community through its Nike Running Club and Nike Training Club apps, and it recently partnered with Headspace to integrate mindfulness and meditation as a service to its guided runs and implemented a loyalty system that rewards active users with discounts to things such as Headspace subscriptions and Apple products.

Protecting user data is a reality that these traditionally brick-and-mortar companies must now face as they rely increasingly on digital to expand their footprints. A breach of user trust is a setback in these efforts.