Important Message Regarding MyFitnessPal Account Security

Page 1 of 2

NOTICE OF DATA BREACH
March 29, 2018
To the MyFitnessPal Community:
We are writing to notify you about an issue that may involve your
MyFitnessPal account information. We understand that you value your
privacy and we take the protection of your information seriously.

What Happened?
On March 25, 2018, we became aware that during February of this year
an unauthorized party acquired data associated with MyFitnessPal user
accounts.

What Information Was Involved?
The affected information included usernames, email addresses, and
hashed passwords - the majority with the hashing function called bcrypt
used to secure passwords.

What We Are Doing
Once we became aware, we quickly took steps to determine the nature
and scope of the issue. We are working with leading data security firms
to assist in our investigation. We have also notified and are
coordinating with law enforcement authorities.
We are taking steps to protect our community, including the following:
• We are notifying MyFitnessPal users to provide information on
how they can protect their data.
• We will be requiring MyFitnessPal users to change their
passwords and urge users to do so immediately.
• We continue to monitor for suspicious activity and to coordinate
with law enforcement authorities.

https://content.myfitnesspal.com/security-information/notice.html

03/29/2018

 Important Message Regarding MyFitnessPal Account Security

Page 2 of 2

• We continue to make enhancements to our systems to detect and
prevent unauthorized access to user information.

What You Can Do
We take our obligation to safeguard your personal data very seriously
and are alerting you about this issue so you can take steps to help
protect your information. We recommend you:
• Change your password for any other account on which you used
the same or similar information used for your MyFitnessPal
account.
• Review your accounts for suspicious activity.
• Be cautious of any unsolicited communications that ask for your
personal data or refer you to a web page asking for personal data.
• Avoid clicking on links or downloading attachments from
suspicious emails.

For More Information
For more information, please go to
https://content.myfitnesspal.com/security-information/FAQ.html.
Sincerely,
Paul Fipps
Chief Digital Officer

https://content.myfitnesspal.com/security-information/notice.html

03/29/2018

 Security Information FAQ

Page 1 of 5

MyFitnessPal Account Security Issue:
Frequently Asked Questions
1. What happened?
On March 25, 2018, we became aware that during February of this year
an unauthorized party acquired data associated with MyFitnessPal user
accounts.

2. What did MyFitnessPal do when it discovered the
issue?
Once we became aware, we quickly took steps to determine the nature
and scope of the issue. We are working with leading data security firms
to assist in our investigation. We have also notified and are
coordinating with law enforcement authorities.
We are taking steps to protect our community, including the following:
• We are notifying MyFitnessPal users to provide information on
how they can protect their data.
• We will be requiring MyFitnessPal users to change their
passwords and urge users to do so immediately.
• We continue to monitor for suspicious activity and to coordinate
with law enforcement authorities.
• We continue to make enhancements to our systems to detect and
prevent unauthorized access to user information.

3. What information was affected by this issue?
The affected information included usernames, email addresses, and
hashed passwords - the majority with the hashing function called bcrypt
used to secure passwords.

https://content.myfitnesspal.com/security-information/FAQ.html

03/29/2018

 Security Information FAQ

Page 2 of 5

The affected data did not include government-issued identifiers (such
as Social Security numbers and driver's license numbers) because we
don't collect that information from users. Payment card data was not
affected because it is collected and processed separately.

4. What is a "hashed password"?
Hashing is a one-way mathematical function that converts an original
string of data into a seemingly random string of characters.

5. What is "bcrypt"?
Bcrypt is a password hashing mechanism that incorporates security
features, including multiple rounds of computation, to provide advanced
protection against password cracking.

6. What hashing function was used to protect the
MyFitnessPal account information that was not
protected by bcrypt?
The MyFitnessPal account information that was not protected using
bcrypt was protected with SHA-1, a 160-bit hashing function.

7. When did MyFitnessPal become aware of the
issue?
On March 25, 2018, we became aware that during February of this year
an unauthorized party acquired data associated with MyFitnessPal user
accounts.

8. Do you know who did this?
We do not know the identity of the unauthorized party. Our investigation
into this matter is ongoing.

9. Who is being notified?
We are notifying MyFitnessPal users to provide information on how
they can protect their data.

10. What is the company doing to protect my
MyFitnessPal account?

https://content.myfitnesspal.com/security-information/FAQ.html

03/29/2018

 Security Information FAQ

Page 3 of 5

Once we became aware, we quickly took steps to determine the nature
and scope of the issue. We are working with leading data security firms
to assist in our investigation. We have also notified and are
coordinating with law enforcement authorities.
We are taking steps to protect our community, including the following:
• We are notifying MyFitnessPal users to provide information on
how they can protect their data.
• We will be requiring MyFitnessPal users to change their
passwords and urge users to do so immediately.
• We continue to monitor for suspicious activity and to coordinate
with law enforcement authorities.
• We continue to make enhancements to our systems to detect and
prevent unauthorized access to user information.

11. I think I received an email about this issue. How
do I know it is really from MyFitnessPal?
Click here to view the content of our email notice to MyFitnessPal
users. Please note that the email from MyFitnessPal about this issue
does not ask you to click on any links or contain attachments and does
not request your personal data. If the email you received about this
issue prompts you to click on a link, suggests you download an
attachment, or asks you for information, the email was not sent by
MyFitnessPal and may be an attempt to steal your personal data. Avoid
clicking on links or downloading attachments from such suspicious
emails.

12. I think I received a message about this issue in
the MyFitnessPal app. What should I do?
The in-app message from MyFitnessPal contains a link to our notice to
MyFitnessPal users about this issue. Click here to view the content of
our in-app notice to MyFitnessPal users.

13. What should I do to help protect my information?
We take our obligation to safeguard your personal data very seriously
and are alerting you about this issue so you can take steps to help
protect your information. We recommend you:

https://content.myfitnesspal.com/security-information/FAQ.html

03/29/2018

 Security Information FAQ

Page 4 of 5

• Change your password for any other account on which you used
the same or similar information used for your MyFitnessPal
account.
• Review your accounts for suspicious activity.
• Be cautious of any unsolicited communications that ask for your
personal data or refer you to a web page asking for personal data.
• Avoid clicking on links or downloading attachments from
suspicious emails.

14. How do I change my password?
You can change your password by logging into our full site at
http://www.myfitnesspal.com. Mobile app users should log in using the
same username and password they use in the app.
Once you've logged in, click the "My Home" tab, then "Settings," then
"Change Password."
If you've forgotten your password, you can request a password reset
email by clicking the "Forgot password or username" link on the sign-in
screen of our apps, or by visiting this link in a web browser.
Mobile app users who have not yet verified their email address may
receive an error when attempting to reset their password using the
"Forgot password?" option on the app's login screen. These users can
visiting this link and enter their email address or username to prompt an
email verification request, after which the password request can be
made successfully.

15. Will changing my MyFitnessPal password also
update my MapMyFitness password?
Changing your MyFitnessPal password will update the password you
use for our family of apps.

16. How can I get help with my MyFitnessPal
account?
For help with your MyFitnessPal account, please visit our customer
portal.
For U.S. MyFitnessPal Users:

https://content.myfitnesspal.com/security-information/FAQ.html

03/29/2018

 Security Information FAQ

Page 5 of 5

Copyright 2005-2018 MyFitnessPal, Inc.

https://content.myfitnesspal.com/security-information/FAQ.html

03/29/2018