MyFitnessPal breach: Data of 150 million users compromised

Late last night, users of health app MyFitnessPal received a notification from the company that their account information may have been compromised. The company acknowledged the breach and said that it has started notifying customers through an email as well as an in-app notification.

MyFitnessPal is one of the popular health and fitness app available on iOS and Android platform. Founded in 2005, MyFitnessPal was purchased and acquired by athletic apparel brand, Under Armour for $475 million in 2015.

The company claimed that on March 25, 2018, they learned that in February this year, an unauthorized party acquired data associated with MyFitnessPal user accounts. The affected information included usernames, email addresses, and hashed passwords, the majority with the hashing function called bcrypt used to secure passwords.

The email from Paul Fipps, Chief Digital Officer, MyFitnessPal, states, "Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities."

The company has started taking steps to protect the community, which includes notifying MyFitnessPal users to provide information on how they can protect their data and urging users to change their passwords immediately. The company also plans to continue to monitor suspicious activities and make enhancements to the systems to detect and prevent unauthorised access to user information.

MyFitnessPal also suggests users review their accounts for suspicious activity, be cautious of any unsolicited communications that ask for personal data or refer to a web page asking for personal data and even avoid clicking on links or downloading attachments from suspicious emails.