It looks like hackers have breached the armor of Under Armour, the athletic apparel brand, with the data breach exposing details of over 150 million MyFitnessPal users.
The data breach exposes MyFitnessPal users' usernames, email addresses, and hashed passwords. Government-issued identifiers such as social security numbers and drivers licenses weren't exposed, as the app doesn't collect that sort of data, including credit cards.
The intrusion was detected in late-February, but Under Armour began working with authorities on March 25. Under Armour purchased MyFitnessPal in 2015 for $475 million.
The company released a press release talking about the situation: "The affected data did not include government-issued identifiers (such as Social Security numbers and driver's license numbers), which the company does not collect from users. Payment card data was also not affected because it is collected and processed separately. The company's investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue".
They continued: "Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging. The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information. The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately".