About 150 million MyFitnessPal user accounts were hacked in February of this year, Under Armour has confirmed, though the company says it only became aware of the breach earlier this week.
Under Armour says that an unauthorized party breached accounts in late February, obtaining access to usernames, passwords and email addresses. Luckily that data doesn't include bank or social security information, but email addresses are often sold on to spammers.
It's the biggest data breach so far this year, casting a wider net than the Facebook Cambridge Analytica scandal, which saw 50 million Facebook accounts accessed. In a statement Under Armour said it is "working with leading data security firms to assist in its investigation" as well as law enforcement authorities. Shares dropped almost 4% in after-hours trading.
The nutrition and exercise app MyFitnessPal was acquired by Under Armour in 2015, and while no hack is a good hack, it comes timed to join a growing conversation around how our personal data is handled - and what happens to that data when smaller companies are snapped up by bigger ones.
If you're a MyFitnessPal user and haven't already received the notification telling you to change your password, we recommend you do so immediately.