Personal Information Leaked After Popular App Experiences Data Breach


Published March 31, 2018 at 2:05 am


A recent data breach has potentially compromised some personal information of a significant number of people who use a popular health and fitness app.

Yesterday, MyFitnessPal–an app that allows users to track their calories by inputting their daily eating and exercise regime into the system–told users about the data breach in an email. 

“We are writing to notify you about an issue that may involve your MyFitnessPal account information. We understand that you value your privacy and we take the protection of your information seriously,” Paul Fipps, chief digital officer, said in an email.

Fipps said that on March 25, the company became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts. The breach reportedly happened in February.

The affected information includes usernames, email addresses, and hashed passwords, the majority with the hashing function called bcrypt used to secure passwords. 

“Once we became aware, we quickly took steps to determine the nature and scope of the issue,” said Fipps. “We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities.”

The company says it’s notifying MyFitnessPal users of the breach and offering information on how they can protect their data.

The company says app users will be required change their passwords immediately.

Fipps said the company is monitoring for suspicious activity making enhancements to its systems to “detect and prevent unauthorized access to user information.”

“We take our obligation to safeguard your personal data very seriously and are alerting you about this issue so you can take steps to help protect your information,” Fipps says. “We recommend you change your password for any other account on which you used the same or similar information used for your MyFitnessPal account.”

MyFitnessPal is also asking users to review their accounts for suspicious activity and be cautious of any unsolicited communications that ask for personal data or refer them to a web page asking for personal data.”

Users are also asked to avoid clicking on links or downloading attachments from suspicious emails.

For more information, click here.

insauga's Editorial Standards and Policies

Related News