/

MyFitnessPal Data Breach: What & How It Happened?

MyFitnessPal Data Breach: What & How It Happened?

Twingate Team

Jun 28, 2024

In February 2018, MyFitnessPal, a nutrition application owned by Under Armour, experienced a data breach. The incident involved unauthorized access to user information, affecting a number of accounts. The breach was detected in March, and users were notified. Under Armour took measures to secure the app and worked with authorities to investigate the breach.

How many accounts were compromised?

The breach impacted data related to 150 million individuals.

What data was leaked?

The data exposed in the breach included email addresses, usernames, and hashed passwords.

How was MyFitnessPal hacked?

Hackers exploited a vulnerability in MyFitnessPal's encryption functions and possibly took advantage of weak employee actions. The exposed passwords were protected by a known weak function called SHA-1, which had been flawed for over a decade, allowing the attackers to access the data.

MyFitnessPal's solution

In response to the hacking incident, MyFitnessPal took several measures to secure its platform and prevent future breaches. These actions included notifying users and advising them to change their passwords immediately, stopping valid passwords from 2018 from accessing accounts, and bolstering systems that detect and prevent unauthorized access to user information. The company also monitored for suspicious activity and coordinated with law enforcement authorities in their efforts to investigate the breach and enhance platform security.

How do I know if I was affected?

MyFitnessPal notified users believed to be affected by the breach. If you're a MyFitnessPal user and haven't received a notification, you may visit HaveIBeenPwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and any other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform.

For specific help and instructions related to MyFitnessPal's data breach, please contact MyFitnessPal Support directly.

Where can I go to learn more?

If you want to find more information on the MyFitnessPal data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

MyFitnessPal Data Breach: What & How It Happened?

MyFitnessPal Data Breach: What & How It Happened?

Twingate Team

Jun 28, 2024

In February 2018, MyFitnessPal, a nutrition application owned by Under Armour, experienced a data breach. The incident involved unauthorized access to user information, affecting a number of accounts. The breach was detected in March, and users were notified. Under Armour took measures to secure the app and worked with authorities to investigate the breach.

How many accounts were compromised?

The breach impacted data related to 150 million individuals.

What data was leaked?

The data exposed in the breach included email addresses, usernames, and hashed passwords.

How was MyFitnessPal hacked?

Hackers exploited a vulnerability in MyFitnessPal's encryption functions and possibly took advantage of weak employee actions. The exposed passwords were protected by a known weak function called SHA-1, which had been flawed for over a decade, allowing the attackers to access the data.

MyFitnessPal's solution

In response to the hacking incident, MyFitnessPal took several measures to secure its platform and prevent future breaches. These actions included notifying users and advising them to change their passwords immediately, stopping valid passwords from 2018 from accessing accounts, and bolstering systems that detect and prevent unauthorized access to user information. The company also monitored for suspicious activity and coordinated with law enforcement authorities in their efforts to investigate the breach and enhance platform security.

How do I know if I was affected?

MyFitnessPal notified users believed to be affected by the breach. If you're a MyFitnessPal user and haven't received a notification, you may visit HaveIBeenPwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and any other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform.

For specific help and instructions related to MyFitnessPal's data breach, please contact MyFitnessPal Support directly.

Where can I go to learn more?

If you want to find more information on the MyFitnessPal data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

MyFitnessPal Data Breach: What & How It Happened?

Twingate Team

Jun 28, 2024

In February 2018, MyFitnessPal, a nutrition application owned by Under Armour, experienced a data breach. The incident involved unauthorized access to user information, affecting a number of accounts. The breach was detected in March, and users were notified. Under Armour took measures to secure the app and worked with authorities to investigate the breach.

How many accounts were compromised?

The breach impacted data related to 150 million individuals.

What data was leaked?

The data exposed in the breach included email addresses, usernames, and hashed passwords.

How was MyFitnessPal hacked?

Hackers exploited a vulnerability in MyFitnessPal's encryption functions and possibly took advantage of weak employee actions. The exposed passwords were protected by a known weak function called SHA-1, which had been flawed for over a decade, allowing the attackers to access the data.

MyFitnessPal's solution

In response to the hacking incident, MyFitnessPal took several measures to secure its platform and prevent future breaches. These actions included notifying users and advising them to change their passwords immediately, stopping valid passwords from 2018 from accessing accounts, and bolstering systems that detect and prevent unauthorized access to user information. The company also monitored for suspicious activity and coordinated with law enforcement authorities in their efforts to investigate the breach and enhance platform security.

How do I know if I was affected?

MyFitnessPal notified users believed to be affected by the breach. If you're a MyFitnessPal user and haven't received a notification, you may visit HaveIBeenPwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and any other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform.

For specific help and instructions related to MyFitnessPal's data breach, please contact MyFitnessPal Support directly.

Where can I go to learn more?

If you want to find more information on the MyFitnessPal data breach, check out the following news articles: