Popular MyFitnessPal App Breached, 150 Million Accounts Affected

Popular Under Armour-owned workout and health app MyFitnessPal has been breached, and data has been compromised from about 150 million accounts.

MyFitnessPal issued its own notice of data breach, saying that “the affected information included usernames, email addresses, and hashed passwords — the majority with the hashing function called bcrypt used to secure passwords.”

Breach notices often only point out that some information was left unsecured, while noting that someone might have acquired information. But this case appears to be more definitive, as MyFitnessPal says that “an unauthorized party acquired data.”

MyFitnessPal urges users to change their passwords as soon as possible. There were no further details reported about how the breach occurred, and the breach is still under investigation.

The notice didn’t include any information about how many users were affected — that “150 million accounts” number comes from a Reuters report. Based on the number of records compromised, this is the largest breach of the year, as noted by SecurityScorecard.

[Check out our article Stay Aware: Security Risks In Fitness Apps.]

This isn’t the first high-profile privacy issue to befall a fitness app this year. In January, Strava drew criticism for its Global Heatmap, which revealed detailed locations of military bases around the world. It was also revealed that Strava’s anonymous data could be “de-anonymized.”

More On MyFitnessPal

MyFitnessPal is an extremely popular app, ranked second overall in the Health & Fitness section in Apple’s App Store. The developer claims it’s “the world’s most popular health and fitness app.” Highly regarded, it has a current rating of 4.7 stars.

The MyFitnessPal app works as a calorie counter and diet tracker. It also allows users to connect other apps and devices to sync workouts, and it tracks steps, logs workout information, and more. There’s also a premium version of the app that costs $10/month or $50/year.

Phil Dzikiy

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Before, he has worked as a freelance writer and editor at websites like Wirecutter.com and iLounge.com along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has lead to over 15 years of experience as a journalist.

Leave a Comment

Trending News

Follow Us

Reviews