Under Armour Hacked, 150 Million MyFitnessPal Accounts Compromised

Under Armour confirmed Thursday that millions of MyFitnessPal accounts have been compromised in a hacking incident that occurred last month.

According to reports, an unknown group of cybercriminals was able to steal data tied to around 150 million MyFitnessPal accounts. The application breach reportedly occurred last February but was only discovered earlier this week.

The incident is now considered one of the biggest hacks in history based on the number of records stolen. The news caused Under Armour‘s shares to drop by around 3.8 percent.

The compromised data reportedly includes email addresses, account usernames, and passwords for the MyFitnessPal mobile application and website.

The company said no Social Security numbers nor driver license numbers were hacked as they are not collecting that information from their users. It also assured everyone that no payment card information was stolen during the breach.

While no financial data was compromised, the massive number of email addresses are still considered valuable information to cybercriminals.

“Email addresses are valuable for spammers because the attackers would know that active, real users are behind these addresses,” Engin Krida, a Northeastern University professor told Bloomberg. “The dark web is usually where data like this is sold to the highest bidder.”

In their website, Under Armour has introduced a notification informing every visitor that it will require all MyFitnessPal account holders to change their passwords immediately.

“We continue to monitor for suspicious activity and to coordinate with law enforcement authorities,” the company said.

Under Armour started informing affected users of the breach yesterday, a few days after they learned of the data breach. News of the hacking incident comes just a day after aircraft manufacturing giant, Boeing, announced that its computer systems network had been hit by WannaCry virus.