Fitness company Under Armor has asked its 150 million users to change their password after a data breach via a mailing and in-app notifications. The company has detected that one or more persons have penetrated the database.
That database contains passwords that the company had encrypted with the considered safe bcrypt and the outdated sha-1, Under Armor reports in a faq about the data breach. Other account information, such as payment information, was in another database and the malicious parties could not access it.
Under Armor discovered the data breach last Sunday. The company has now launched an investigation into how malicious people could break into the database and how it can prevent such incidents in the future. The company advises users not to click on links in mailings to prevent phishing and emphasizes that MyFitnessPal emails do not contain links. All users should change their password just to be safe.