Reuters reports on an Under Armour data breach affecting upwards of 150 million MyFitnessPal user accounts:
The stolen data includes account user names, email addresses and scrambled passwords for the popular MyFitnessPal mobile app and website, Under Armour said in a statement. Social Security numbers, driver license numbers and payment card data were not compromised, it said.
It is the largest data breach this year and one of the top five to date, based on the number of records compromised, according to SecurityScorecard.
Larger hacks include 3 billion Yahoo accounts compromised in a 2013 incident and credentials for more than 412 million users of adult websites run by California-based FriendFinder Networks Inc in 2016, according to breach notification website LeakedSource.com.
Under Armour said it is working with data security firms and law enforcement, but did not provide details on how the hackers got into its network or pulled out the data without getting caught in the act.
I have yet to locate a single article discussing how the breach occurred or any potential vulnerability exploited by the attackers to gain access to MyFitnessPal data.
If you use MyFitnessPal, I strongly suggest you immediately login and change your password, especially if you reused a password you are using elsewhere [like the vast majority of internet users].