MyFitnessPal data breach

Since a lot of us use MyFitnessPal to track our diet I wanted to share the following link with you all so you can take action if necessary:

1 Like

This is quite a relevant section, as I did wonder what value encrypted passwords were:

Most of the passwords are believed to be encrypted and hashed, meaning any buyer will have to crack the encryption to gain access to the accounts. However, because data breaches have become so common, a purchaser could cross-reference email addresses with previous breaches. If a person has reused a password, their account may be compromised. As a precaution, if you’ve used any of the affected services, it’s probably best to change your password.

They do not have 620 million accounts, surely?!

I think that’s the combined number of accounts put up for sale.

There are more companies involved with this data breach, but I think MyFitnessPal is the one that is used most here on the forum, that’s why I put it up.

Does this mean that with a few Bitcoins I could buy @Nates MFP profile and learn that he still eats Popeye’s?

1 Like

Another great example of why data security and privacy is critical. Please use unique email addresses and passwords for every site. Even using the user+fud@domain.com with a service from Gmail (shudder) or even better a 33mail.com email address will go a long way in protecting you. This is also why I’ve been asking @Nate_Pearson to enable 2FA on TrainerRoad. 620 million username/password combos can be useful since many still use the same email/pwd combo on every site they use. Easy to trawl the internet finding the clueless masses who use this practice. 2FA will help them in some cases, but unique email username/password for every site will be the most effective.

Oh, and F*ck MyFitnessPal, they have an atrocious privacy policy, they are selling users’ data on a massive scale.

3 Likes
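Added example, not part of the thread or any poster's code: a local audit of your own account list that shows which other logins a single breached site would expose through a reused email/password pair, and why a `user+tag` address alone does not help when the password is reused, since the tag is easy to strip. The account list, addresses, passwords and the `shop.example` / `forum.example` sites are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample of a password-manager export (all values are made up).
ACCOUNTS = [
    {"site": "myfitnesspal.com", "email": "rider@example.com", "password": "Tempo2018!"},
    {"site": "trainerroad.com", "email": "rider@example.com", "password": "Tempo2018!"},
    {"site": "shop.example", "email": "rider+shop@example.com", "password": "Tempo2018!"},
    {"site": "forum.example", "email": "rider+forum@example.com", "password": "x9$Lq7vR2p#d"},
]

def canonical_email(addr):
    """Lower-case and drop a +tag, so user+tag@domain maps to user@domain."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local.split("+", 1)[0] + "@" + domain

def fingerprint(password):
    """Short digest used only to group equal passwords locally without printing them."""
    return hashlib.sha256(password.encode()).hexdigest()[:12]

def exposed_by(breached_site, accounts, strip_tags=False):
    """Other sites where the email/password pair leaked from breached_site also works."""
    key = canonical_email if strip_tags else str.lower
    leaked = {(key(a["email"]), a["password"]) for a in accounts if a["site"] == breached_site}
    return sorted(a["site"] for a in accounts
                  if a["site"] != breached_site and (key(a["email"]), a["password"]) in leaked)

def password_reuse(accounts):
    """Map password fingerprint -> sites sharing that password (groups of two or more)."""
    groups = defaultdict(list)
    for a in accounts:
        groups[fingerprint(a["password"])].append(a["site"])
    return {fp: sorted(sites) for fp, sites in groups.items() if len(sites) > 1}

def tagged_address(base, site):
    """Per-site address in the user+tag@domain form mentioned in the post above."""
    local, _, domain = base.rpartition("@")
    tag = "".join(c for c in site.split(".")[0].lower() if c.isalnum())
    return f"{local}+{tag}@{domain}"

if __name__ == "__main__":
    print("Exposed by exact pair:", exposed_by("myfitnesspal.com", ACCOUNTS))
    print("Exposed if +tags are stripped:", exposed_by("myfitnesspal.com", ACCOUNTS, strip_tags=True))
    for fp, sites in password_reuse(ACCOUNTS).items():
        print("Password", fp, "is reused on:", sites)
    print("Per-site address:", tagged_address("rider@example.com", "trainerroad.com"))
```

Only `forum.example`, which has its own password, stays out of every result; the tagged address on `shop.example` still shows up once tags are stripped.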

This article (Fortune Magazine) says that it is the data from the MyFitnessPal data breach of last year. Not a new one, that has just appeared on the Dark web. So if you changed your details a year ago, that suggests the data being sold will be out of date. http://fortune.com/2019/02/14/hacked-myfitnesspal-data-sale-dark-web-one-year-breach/

“The MyFitnessPal app disclosed a data breach last year affecting as many as 150 million users. Now, some of those stolen credentials are popping up for sale on the dark web.”