March 29 (UPI) — Under Armour announced Thursday that users of its MyFitnessPal app may have been victimized by a massive data breach. An estimated 150 million accounts on the app were affected.
The sports apparel company said an “unauthorized user” obtained user data in late February, but was not aware of the breach until March 25. On Thursday, users of the app were notified via email and in-app messaging.
In a statement, Under Armour said the breached data include “usernames, email addresses, and hashed passwords – the majority with the hashing function called ‘bcrypt’ used to secure passwords.”
The breached data did not include social security government-issued identifiers, such as Social Security numbers or driver’s license numbers, or credit card information.
“Under Armour is working with leading data security firms to assist in its investigation, and also coordinating with law enforcement authorities,” the company said.
After Under Armour announced the data breach, the company’s stock value dropped 3 percent.
Eric Schiff, chairman of Reputation Management Consultants in Los Angeles, told the Baltimore Sun that Under Armour could face a backlash from customers, in part because the company waited several days before announcing the app was hacked.
“Most customers would rather chew glass than have their accounts hacked, and Under Armour is at the end of the day responsible and is going to feel a blistering amount of heat because of it,” Schiff said.
He added: “Four days is an eternity to alert customers to protect themselves.”