MyFitnessPal Data Breach


(Karl) #1

Got this email a moment ago. Maybe now those idiots will at least start using SSL? :slight_smile:

NOTICE OF DATA BREACH

To the MyFitnessPal Community:

We are writing to notify you about an issue that may involve your MyFitnessPal account information. We understand that you value your privacy and we take the protection of your information seriously.

What Happened?

On March 25, 2018, we became aware that during February of this year an unauthorized party acquired data associated with MyFitnessPal user accounts.

What Information Was Involved?

The affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords.

What We Are Doing

Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities.

We are taking steps to protect our community, including the following:
We are notifying MyFitnessPal users to provide information on how they can protect their data.
We will be requiring MyFitnessPal users to change their passwords and urge users to do so immediately.
We continue to monitor for suspicious activity and to coordinate with law enforcement authorities.
We continue to make enhancements to our systems to detect and prevent unauthorized access to user information.

What You Can Do

We take our obligation to safeguard your personal data very seriously and are alerting you about this issue so you can take steps to help protect your information. We recommend you:
Change your password for any other account on which you used the same or similar information used for your MyFitnessPal account.
Review your accounts for suspicious activity.
Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.
Avoid clicking on links or downloading attachments from suspicious emails.

For More Information

For more information, please go to https://content.myfitnesspal.com/security-information/FAQ.html.

Sincerely,

Paul Fipps
Chief Digital Officer


(KCKO, KCFO) #2

Dang!!! I haven’t gotten an email yet but I have been on MFP for years, if I don’t get one I will be very surprised indeed.

Thanks for the heads up, I’ll go change my password now, I like to be proactive… :wink:


(Troy) #3

Thanks!
Just got this too


(Karen) #4

Thanks for the info. Changed password and notified sisters

K


(Jack Brien) #5

I got the email. Seems to be happening a lot. I had a scam call the other day. Guy knew my name, address, phone number and at first the call sounded relatively genuine. Until he asked for a ‘reference number’ from my cheque book!


(Christine) #6

Wow! I’ve been getting a ridiculous number of phone calls from numbers I don’t recognize and practically never answer them because of this type of thing. I started using Nomorobo and most of those calls drop after one ring (I wish it was zero!)

I’m pretty new here and hope it’s okay to mention that service. If not, I’ll delete it…


(Boston_guy) #7

Well if they used bcrypt, the passwords should not be compromised… still, never use the same password across sites!


(KCKO, KCFO) #8

Actually this can be found still in white pages directories. Both hard copy and online ones. I just have all my calls go to voice mail. If it is someone I know and want to speak with, I call them back. With a last name starting with A we get calls almost nonstop all day, even though we are on the no call listing for both landline and cell nos. It is even happening on our cell phones now. If a number doesn’t come up with contact info, it is deleted immediately.


(KCKO, KCFO) #9

Unfortunately not all of them were bcrypt/hashed. I use a unique name and password over there anyway and bare minimum of info is given to them. Unless someone really wants to know what say when chatting with other mfpers about, not much use to anyone. My diary is not a public one. I just changed my password and got on with my life.

Since I started using the internet, many decades ago, I realized it is a giant postcard. I don’t put anything up that I would show to the whole world.


(Doug) #10

:rage: If I was a judge, in cases of identity theft I’d be a ‘hangin’ judge.’