MyFitnessPal
What Happened
In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly.
Compromised Data
Recommended Actions
Change Your Password
If you haven't changed your password on this service since the breach, do so immediately.
Enable Two-Factor Authentication
If 2FA is supported, add an extra layer of security to your account.
Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.
Try 1Password
Take action after a breach — Guardio spots what’s still at risk and blocks phishing scams and new threats before they compromise your data or finances.
Try Guardio
Get Aura for identity theft and credit protection. Keep your assets safe with fast fraud alerts, instant credit lock, and $1,000,000 identity theft insurance. Speak to a U.S. based fraud specialist 24/7.
Try AuraBreach Overview
-
Affected Accounts:
143.6 million
-
Breach Occurred:
February 2018
-
Added to HIBP:
21 Feb 2019
-
Attribution:
BenjaminBlue@exploit.im
Recommended Actions
Change Your Password
If you haven't changed your MyFitnessPal password since 2018, do so immediately.
Enable Two-Factor Authentication
Add an extra layer of security to your account.
Get Aura for identity theft and credit protection. Keep your assets safe with fast fraud alerts, instant credit lock, and $1,000,000 identity theft insurance. Speak to a U.S. based fraud specialist 24/7.
Try Aura
Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.
Try 1Password