Exercise- and diet-tracking app MyFitnessPal announced yesterday that hackers had obtained account information for 150 million users. “On March 25, 2018, we became aware that during February of this year an unauthorized party acquired data associated with MyFitnessPal user accounts,” the app, which is owned by Under Armour, states in an FAQ about the breach on its website.
The stolen information includes usernames, email addresses and hashed passwords but does not include credit card information, since MyFitnessPal processes payments separately. MyFitnessPal is emailing users to ask them to change their passwords and be on the lookout for phishing emails.
According to USA Today, it is the 4th-biggest reported data breach of all time, after two separate Yahoo! hacks in 2016 and the May 2016 MySpace hack. It narrowly beats out the Equifax hack of September 2017 and the eBay hack of May 2014, both of which affected approximately 145 million users.
But let’s look on the bright side! MyFitnessPal points out that there’s lots of completely unrelated sensitive personal data that was not in the breach:
The affected data did not include government-issued identifiers (such as Social Security numbers and driver’s license numbers) because we don’t collect that information from users.
The breach also did not include birth certificates, last year’s tax return or 6th-grade class photos, since MyFitnessPal doesn’t collect that data either. So, uhhh, count your blessings, we guess?