My Fitness Pall - Security Breach

neil_g

Heads up...

https://content.myfitnesspal.com/security-information/notice.html

NOTICE OF DATA BREACH
March 29, 2018

To the MyFitnessPal Community:

We are writing to notify you about an issue that may involve your MyFitnessPal account information. We understand that you value your privacy and we take the protection of your information seriously.

What Happened?
On March 25, 2018, we became aware that during February of this year an unauthorized party acquired data associated with MyFitnessPal user accounts.

What Information Was Involved?
The affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords.

What We Are Doing
Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities.

We are taking steps to protect our community, including the following:

We are notifying MyFitnessPal users to provide information on how they can protect their data.
We will be requiring MyFitnessPal users to change their passwords and urge users to do so immediately.
We continue to monitor for suspicious activity and to coordinate with law enforcement authorities.
We continue to make enhancements to our systems to detect and prevent unauthorized access to user information.

What You Can Do
We take our obligation to safeguard your personal data very seriously and are alerting you about this issue so you can take steps to help protect your information. We recommend you:

Change your password for any other account on which you used the same or similar information used for your MyFitnessPal account.
Review your accounts for suspicious activity.
Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.
Avoid clicking on links or downloading attachments from suspicious emails.

For More Information
For more information, please go to https://content.myfitnesspal.com/security-information/FAQ.html.

Sincerely,

Paul Fipps
Chief Digital Officer
 
The bcrypt hash is non-reversible in that they can't directly deduce your password if they don't already have it; however, they can brute-force the algorithm until they get a hash that matches a stolen one.
The advice above is good.
 
The problem is, crackers have been compiling lists of millions of commonly used passwords from easily compromised systems for years. They've run those lists at their leisure through bcrypt and other strong algorithms and created indexed hash databases, so they can find a good number of matches very quickly in the stolen data.
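
Added example, not part of any post in this thread and not MyFitnessPal's code: a bcrypt hash string carries its own cost factor and per-password salt, and those two fields set the price of every offline guess against a stolen hash. The sketch below triages stored hashes on that basis; `MIN_COST`, the usernames and the hash strings are constructed assumptions.

```python
import re
from collections import Counter

# bcrypt modular crypt format: $2<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")
MIN_COST = 12  # assumed policy floor, not a figure from the breach notice


def classify(stored):
    """Return (scheme, cost, salt) for one stored password hash string."""
    m = BCRYPT_RE.fullmatch(stored)
    if not m or not 4 <= int(m.group(2)) <= 31:  # bcrypt defines costs 4..31 only
        return ("other", None, None)
    return ("bcrypt", int(m.group(2)), m.group(3))


def audit(rows):
    """rows: iterable of (username, stored_hash). Returns a triage report."""
    report = {"force_reset": [], "rehash_on_login": [], "ok": []}
    salts = Counter()
    for user, stored in rows:
        scheme, cost, salt = classify(stored)
        if scheme != "bcrypt":
            report["force_reset"].append(user)      # not bcrypt: cheapest to guess
        elif cost < MIN_COST:
            report["rehash_on_login"].append(user)  # bcrypt, but below the floor
        else:
            report["ok"].append(user)
        if salt:
            salts[salt] += 1
    # A salt seen twice means one guess can be tested against several accounts.
    report["shared_salts"] = [s for s, n in salts.items() if n > 1]
    return report


def relative_guess_cost(cost, baseline=MIN_COST):
    """bcrypt key setup runs 2**cost rounds, so +1 cost doubles the work per guess."""
    return 2.0 ** (cost - baseline)


# Constructed placeholder values in the right shape; none is a real password hash.
SAMPLE = [
    ("alice", "$2b$12$" + "a" * 22 + "x" * 31),
    ("bob",   "$2a$10$" + "b" * 22 + "y" * 31),
    ("carol", "0" * 40),                          # some non-bcrypt value
    ("dave",  "$2b$12$" + "a" * 22 + "z" * 31),   # same salt as alice
]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(relative_guess_cost(10), relative_guess_cost(14))
```
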
 
So, there'll be a nice big list of email addresses of fatties* for the spammers to sell diet pills to, up for sale real-soon-now then :)



*yeah, I know, not everyone that uses MFP is there to lose weight, yeah, I know "fatties" could be termed derogatory, I know, I'm a member on there myself, they've got my email and my (now changed) password. Am I worried? NO, because I take the usual precautions of having a different password for different sites, am I a fattie - damned sure I am, but I'm working on it. Oh, and yeah, I posted pretty much this exact thing on my timeline on MFP as well - and all the fatties I know on there had a good laugh about it.
 
I received that EMail a few days ago too.
Unfortunately, I tried to log back on to change my password but can't for the life of me remember what username or password I originally used.
(I signed up a while ago on somebody's recommendation, but have never really used it.)

The good news is that I must have used something totally random, so I guess it really doesn't matter if anyone does crack it.
 
So, there'll be a nice big list of email addresses of fatties* for the spammers to sell diet pills to, up for sale real-soon-now then :)



*yeah, I know, not everyone that uses MFP is there to lose weight, yeah, I know "fatties" could be termed derogatory, I know, I'm a member on there myself, they've got my email and my (now changed) password. Am I worried? NO, because I take the usual precautions of having a different password for different sites, am I a fattie - damned sure I am, but I'm working on it. Oh, and yeah, I posted pretty much this exact thing on my timeline on MFP as well - and all the fatties I know on there had a good laugh about it.

the fat f***s love these sites, how come you got comprised then?
 
Hey, maybe it olny affects those who spell it right. ;)
 