Data breach: Whopping 150 million MyFitnessPal accounts compromisedLast updated on Mar 30, 2018, 02:09 pm
The MyFitnessPal app, which is a widely used as free calorie counter and exercise journal, has been affected by a data breach that has compromised personal information of as many as 150 million users.
The breached account information includes usernames, e-mail addresses, and encrypted passwords.
The news was announced by MyFitnessPal's parent company Under Armour, which is a US-based sportswear brand.
The breach had occurred in February
According to Under Armour, the breach occurred in February but has only come to notice now.
The company has already notified its users to immediately change their passwords. "The notice contains recommendations for MyFitnessPal users regarding account security steps," Under Armour said.
The company will reportedly work with the police and data security organizations to figure out the source of the breach.
Wait, did you say encrypted passwords?
Most of the stolen MyFitnessPal passwords are encrypted with a hashing algorithm called bcrypt.
Ideally, the bcrypt algorithm is so slow and computationally demanding that decrypting the hashed passwords would take hackers centuries.
However, brcypt is prone to implementation mistakes, the biggest example of which is the Ashley Madison 2015 breach, where passwords of 11 million users were decoded in 10 days.
Under Armour's stocks dropped 4%
With encrypted passwords, it should mean that the breach hasn't exposed particularly sensitive user data.
Whatever be the case, Under Armour's stocks have already been affected by the news and have dropped almost 4% in after-hours trading.
Under Armour had acquired MyFitnessPal in 2015 for $475 million. At that time, MyFitnessPal had 80 million users which have now more than doubled.