What does the MyFitnessPal compromise mean for me?

For the past couple of years I’ve recommended that people use the free app MyFitnessPal to track things like food intake, exercise and weight.  Recording these things over time allows us to track progress being made and helps achieve results.  So it was disappointing this weekend to hear of a MyFitnessPal compromise. The data which the company stores on users of the app has been breached.  You may be thinking, what does this mean for me?  Allow me to explain based on the information released by MyFitnessPal!

What happened?

MyFitnessPal have stated that data associated with user accounts was obtained by a third party in February this year.  This data includes usernames, email addresses and passwords, with the majority of the passwords being encrypted.  MyFitnessPal haven’t said how strong the password encryption is.  As a worst case (with the weakest encryption), the passwords associated with accounts may be able to be recovered by the third party.

What should I do?

Firstly, I recommend that you log in to MyFitnessPal and change your password.  Change it to a password that you’re not using for any other app or Internet service.  (In fact, I recommend that you use different passwords for each app you use.  A password manager app may help you keep track of all these different passwords – let me know if you need more info on password managers…)

Secondly, as email addresses are part of the information that has been obtained by the unauthorised party, be on the lookout for suspicious emails, particularly emails asking you for personal information or to click on links that don’t quite look right.  MyFitnessPal for example have stated that they won’t send emails asking you for personal information or link to websites asking for personal information.  It’s a good general rule not to provide personal information in response to emails.

If you have any questions that I haven’t answered in this post, please leave a comment below and I’ll get back to you!