According to March 29 press release issued by Under Armour, which owns MyFitnessPal, the breach affected the accounts of some 150 million users. Compromised information includes user names, email addresses and hashed passwords.
Steven Waldren, M.D., director of the AAFP's Alliance for eHealth Innovation, told AAFP News that some of those app users are patients of family physicians.
"I know that some of our members recommend this product to their patients who are working toward better health by improving their diet and increasing their activity levels," said Waldren. "Therefore, it's appropriate to alert family physicians who, in turn, can make patients aware of this security issue when appropriate."
In its release, Under Armour indicated that it was notifying MyFitnessPal users about the breach via email and through in-app messaging. The company said it was requiring users to change their passwords and urged them to do so immediately.
"The affected data did not include government-issued identifiers such as Social Security numbers and driver's license numbers," said the release. "Payment card data was also not affected because it is collected and processed separately."
In a separate FAQ, the company released additional details about the breach, which took place in February when "an unauthorized party acquired data associated with MyFitnessPal user accounts." Under Armour said it became aware of the breach on March 25.
Related AAFP News Coverage
USPSTF Draft Recommendation
Intensive Behavioral Interventions Recommended for Obesity
More From AAFP
FPM: SPPACES: Medical App Reviews: Four Mobile Apps to Encourage Healthy Habits
FPM: SPPACES: Medical App Reviews: MyFitnessPal