MyFitnessPal has alerted its users regarding a security breach that took place a few days ago. The “unauthorized party” was able to obtain sensitive user information such as emails and passwords which can be a huge problem given that a large number of people who use the fitness app.
There have been increased reports of security breaches like this recently. There was a ransomware attack that occurred recently that left users locked out of their computers until a ransom was paid. However, not that many people were affected in that ransomware attack as compared to this one. MyFitnessPal is arguably the biggest Fitness app available with over hundreds of millions of users.
The app is available on Ios and Android and it’s pretty easy to use. It’s a handy app that lets you track your daily caloric intake and also tells you what that intake should be according to your goals, age, gender, and height. It’s completely free to use and it also has a built-in blog which gets updated with recipes, workouts, and tips every day. The app, however, does offer a few advanced features which users can only access through buying the premium membership. Whether you were a premium user or a free user, your data may be at risk as over 150 million users were affected by the recent security breach. Here’s what MyFitnessPal had to say:
“On March 25, 2018, we became aware that during February of this year an unauthorized party acquired data associated with MyFitnessPal user accounts. The affected information included usernames, email addresses, and hashed passwords – the majority with the hashing function called bcrypt used to secure passwords.”
Most big apps/websites use hashing algorithms in order to secure their passwords. Hashing algorithms apply a hash function to your password which converts it into a large hexadecimal string such as “7d9588bc01f6ef15957a83c48fd0932ae1dfe3c9”. These strings are hard to decrypt or make sense of and each password gets a unique “hash“, therefore they’re able to secure each password using hash functions.
However, in this case, the hash function itself was also compromised alongside the usernames and passwords which means that the hackers can easily decrypt everyone’s user information. This not only makes your MyFitnessPal account unsafe but your other accounts as well. Many people link their accounts to Facebook which means that the hackers could potentially get your Facebook details as well, which is why users should change their passwords immediately.
Furthermore, many people don’t even create MyFitnessPal accounts. The app has a handy feature to either “Log in with Facebook” or “Log in with Google”, so you don’t need to make an account, you can just use your Facebook or Google account instead. The problem this creates is that now the hackers have access to the login information of these accounts. Therefore, if you’ve logged in using Facebook for MyFitnessPal, then change your FB password as soon as possible.
There’s no word yet on who’s responsible for the security breach or how it even occurred. The people at MyFitnessPal are “working on it”.
“We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities.”
MyFitnessPal has advised all of its users to change their passwords for not only their MFP accounts but also for accounts in which they’ve used similar usernames and passwords to the ones in MFP. They’ve also warned against clicking on links or downloading attachments from suspicious emails.
It is to be noted that mostly login details were compromised during the breach. The compromised data does not include government-issued identifiers such as Social Security numbers and driver’s license numbers. The source of the attack hasn’t been found yet but it’s only a matter of time before they find out.