Under Armour revealed on Thursday after the markets closed that its MyFitnessPal app has been hacked.
“The investigation indicates that the affected information included usernames, email addresses, and hashed passwords R12; the majority with the hashing function called bcrypt used to secure passwords,” said the statement, referring to the use of a stronger password hashing algorithm.
Read also: Under Armour buys MapMyFitness in $150 million wearable computing play | Will Under Armour’s big data, app experiment pay off? | Under Armour at CES highlights digital transformation efforts as clothing, wearables, apps, data merge
The company said payment card data was not affected. Under Armour is currently notifying MyFitnessPal users about the breach via email and in-app messaging, and it’s requiring all app users to change their passwords.
Later in the day, the California attorney-general released the company’s data breach notification, per the state’s law — a mirror statement of what the company posted on its website.
Under Armour, thanks to its acquisitions of several fitness app firms — including MyFitnessPal — has amassed massive amounts of data on both professional athletes and fitness enthusiasts. The company has even claimed to have the largest database of athlete behavior, including stats on workouts, nutrition, and sleep patterns. Under Armour has said that it uses this trove of data to make its gear smarter.
The data has helped Under Armour morph from an apparel maker into an athletic performance and technology company, rivaling Nike for the same target demographic.
Under Armour’s connected fitness platforms includes UA Record, MapMyFitness, Endomondo, and MyFitnessPal, and all of those platforms have unified to run on Amazon Web Services.