What Happened
In February 2018, MyFitnessPal, a popular health and fitness app owned by Under Armour, suffered a massive data breach that exposed approximately 150 million user accounts, making it one of the largest breaches in the health tech industry. The breach compromised usernames, email addresses, IP addresses, and hashed passwords (stored using SHA-1 and bcrypt encryption), but did not include sensitive data such as Social Security numbers, government-issued identification, or payment card information. Under Armour discovered the breach on March 25, 2018, and publicly disclosed it in late March, promptly notifying affected users via email and in-app messaging while requiring password changes. The stolen data subsequently appeared for sale on dark web marketplaces in 2019 and began circulating more broadly.
