150 million accounts breached. The SEC investigated whether executives dumped stock before telling users. Under Armour's Connected Fitness platform — shared by MapMyRun, MapMyFitness, and MyFitnessPal — exposed email addresses and passwords for a population larger than most countries. Your running app belongs to a sportswear company that couldn't protect a database. Under Armour executives may have sold stock before telling 150 million users their data was stolen. The SEC investigated. If the people running the company protect their portfolios before protecting your data, you know exactly where you stand in their priorities.
What they claim: Under Armour promotes MapMyRun as a secure fitness tracking platform
What we found: In 2018, Under Armour disclosed a data breach affecting 150 million MyFitnessPal accounts — which shares the same Connected Fitness platform as MapMyRun. The breach exposed usernames, email addresses, and hashed passwords. Under Armour detected the breach in March 2018 and disclosed it four days later. The SEC investigated the timing of insider stock sales before the disclosure.
What they claim: Under Armour describes Connected Fitness data as helping users achieve fitness goals
What we found: The SEC investigated Under Armour executives for potentially dumping stock before disclosing the 150 million-account MyFitnessPal breach — which shares the Connected Fitness platform with MapMyRun. The SEC found Under Armour misled investors about the impact. If executives sell stock before telling users about a breach, the company's priorities are clear: protect the stock price first, protect the users never.