Under Armour’s popular health app and corresponding website MyFitnessPal was hit with a security breach that exposed the usernames, email addresses and passwords of about 150 million users.
In late February, an “unauthorized party” reportedly hacked into the health-tracking service, stealing account usernames, email addresses, and hashed passwords.
Fortunately, the exposed codes were scrambled using the bcrypt hashing algorithm, so they’ll be tough for the thieves to crack. Still, users are urged to change their MyFitnessPal credentials (and any other accounts using the same password) immediately.
MyFitnessPal also published additional security information and guidelines online, going as far as to suggest placing a “security freeze” on credit files to prevent fraudulent charges.