Under Armour Inc. has on Thursday revealed breach of data in its MyFitnessPal diet and fitness earlier this year, involving some 150 million users. This incident which happened in February did not just send Under Armour into the growing list of “corporate victims of hacker attacks,” but plunged its athletic apparel maker shares by 4.6% in after-hours trade.

Bloomberg reports that Under Armour discovered the data breach earlier this week (four days ago) and has taken some steps to inform its MyFitnessPal users through emails and in-app messages. The firm’s stock, which had increased by 13% earlier fell as much as 4.6% to $15.59 in off period trading. Fortunately, payment card data, driver license numbers, Social Security numbers were not part of the stolen information. But account usernames, passwords and email addresses, which are information directly related to accessing MyFitnessPal portal, were stolen.

“Email addresses are valuable for spammers because the attackers would know that active, real users are behind these addresses,” said Engin Kirda, a professor in Boston. “The dark web is usually where data like this is sold to the highest bidder.”


Account usernames, passwords and email addresses, which are information directly related to accessing MyFitnessPal portal, were stolen.

This data breach is the biggest so far in 2018 and one of the top five till date, rated using the number of compromised records. The Yahoo 3 billion data breach in 2013 remains highest of its kind, followed by 500 million Yahoo accounts hacked in 2014. Others include the 412 million adult-website credentials stolen from FriendFinder Networks Inc., which represents the largest hack of 2016 and some 360 million compromised Myspace account in 2016, according to LeakedSource.

Under Armour did not provide details of the hack – how the data was pulled without anyone being caught or how its network was accessed. They have only admitted to working with the law enforcement and data security firms. Experts do not believe that the stolen information would be useless to the unauthorized party, even though more sensitive data were not harnessed. Cyber crimes are expected to take its toll from the large troves of emails stolen.

In 2015, the US federal indictment reports that email addresses stolen from JPMorgan Chase 83 million compromised account in 2014 were eventually used by the unauthorized party to boost stock prices in the pump-and-dump schemes.

MyFitnessPal users were advised to change their account passwords immediately as revealed on the company’s website. “We continue to monitor for suspicious activity and to coordinate with law enforcement authorities,” Under Armour said. It also added that the company was bolstering systems which are designed to prevent reoccurrence of the incident by detecting and blocking illegal access to the information of users.

Under Armour took acquired MyFitnessPal for $475 million in 2015. A mobile app that provides nutrition services to millions of people by allowing them to track their exercise routines, diet and calorie intake, MyFitnessPal became a part of Under Armour’s connected fitness division, expanding the company’s athletic apparel and raised 1.8% of the mother company’s $5 billion annual revenue last year.