Users of MyFitnessPal have just received an email outlining a major security breach which reportedly occurred in February of 2018. The email, from Paul Fipps, MyFitnessPal’s Chief Digital Officer, explains that on March 25, 2018 (4 days prior to reporting the breach) MyFitnessPal became aware that a hacker had gained access to “usernames, email address and hashed passwords – the majority with the hashing function called bcrypt used to secure passwords.”
While it’s reassuring that Fipps is quick to point out that the passwords were hashed to obfuscate them (as opposed to plain text passwords), it’s strange that he went to the extent of detailing the hashing method utilized. Perhaps a tech-savvy individual might take comfort in this information, but ultimately it doesn’t mean much to the average user of MyFitnessPal’s Android app.
Fipps asks users in the email to change their passwords and keep an eye out for suspicious activity on their accounts. He also mentions that users should “avoid clicking on links or downloading attachments from suspicious emails”; perhaps he feels that a phishing attempt on the app’s users is imminent. I suppose, with the amount of personal information included in MyFitnessPal, it is plausible that phishing targets may be more likely to be tricked into falling for an attack.
If you’re a user of MyFitnessPal’s app I encourage you to check out the full email below about the app’s hack and to stay vigilant:
To the MyFitnessPal Community:
We are writing to notify you about an issue that may involve your MyFitnessPal account information. We understand that you value your privacy and we take the protection of your information seriously.
On March 25, 2018, we became aware that during February of this year an unauthorized party acquired data associated with MyFitnessPal user accounts. The affected information included usernames, email addresses, and hashed passwords – the majority with the hashing function called bcrypt used to secure passwords.
Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities.
We are taking steps to protect our community, including the following:
- We are notifying MyFitnessPal users to provide information on how they can protect their data.
- We will be requiring MyFitnessPal users to change their passwords and urge users to do so immediately.
- We continue to monitor for suspicious activity and to coordinate with law enforcement authorities.
- We continue to make enhancements to our systems to detect and prevent unauthorized access to user information.
We take our obligation to safeguard your personal data very seriously and are alerting you about this issue so you can take steps to help protect your information. We recommend you:
- Change your password for any other account on which you used the same or similar information used for your MyFitnessPal account.
- Review your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.
- Avoid clicking on links or downloading attachments from suspicious emails.
For more information, please go to https://content.myfitnesspal.
Chief Digital Officer