Under Armour confirmed late Thursday that a data breach has affected approximately 150 million MyFitnessPal accounts. The initial reports suggest that stolen data may include usernames, email addresses and hashed (not plain-text) passwords.
According to CNBC, the data stolen doesn’t include payment data such as credit cards, which is stored separately. Under Armour doesn’t collect more sensitive information such as social security numbers or driver licenses, so none of that information is at risk.
It’s not initially clear how long Under Armour has known about the data breach, how it occurred or when. Companies traditionally conduct at least a preliminary investigation to discover the size of the breach before warning customers, so it’s possible that sensitive information has been in the hands of hackers for months.