Latest News

Everything You Need to Know About the MyFitnessPal Data Breach

Were you a victim of the MyFitnessPal data breach? Read on to find out what happened, what you should do and whether you can make a data breach compensation claim…

Being a victim of a data breach can be incredibly stressful and around 150 million users of Under Armour’s MyFitnessPal app experienced this distress in February 2018. Though the organisation played down the data breach, there were some undeniably huge flaws in the storing of data that could have been avoided.

Several people attempted to make a data breach compensation claim against the brand and as a result, it underwent investigation for breaching the Data Protection Act. So, what really happened? In this article, we’ll find out what went wrong, what you should do if you have been a victim of a data breach and how you can keep your data safe in future.


What Information Was Taken from the MyFitnessPal App?

The type of data that fitness companies keep is often quite personal and detailed. Fitness apps often ask for our email addresses, names, dates of birth, card details, and even our height and weight! The delicate nature of this data, and the fraudulent uses it divines, means it’s a popular target for hackers.

During the MyFitnessPal data breach, hackers accessed usernames, passwords, and email addresses. Under Armor quickly reset all affected user’s passwords, so the information could not be used on the app, but a year later, the old passwords were on sale on the dark web for around $20,000.


How Did Hackers Access MyFitnessPal?

Under Armour stated that the majority of passwords on their systems were protected with bcrypt making them incredibly hard to crack. However, the brand later admitted that a large proportion of the exposed passwords were only protected with a known weak function called SHA-1. There had been known flaws in this protection system for more than a decade, with several tech giants previously arguing that it shouldn’t have been used.


How Do I Know If I Was Involved in the Data Breach?

If you were a user of MyFitnessPal in 2018, your data would have been accessed. You should have received a notice from the app telling you to reset your password and they answered some of the common FAQs about the breach on their website.

Once passwords were reset, the stolen data was useless to the hackers as they could no longer access personal MyFitnessPal details. However, as with any data breach, it left users vulnerable to other potential hacks on social media platforms that had the same log in details.

What Did MyFitnessPal Do Following the Data Breach?

A spokesperson for MyFitnessPal said users were notified of the breach and told to change their passwords immediately. They said that they responded swiftly and stopped passwords that were valid in 2018 from being able to access accounts.

The company also stated that they “continue to monitor for suspicious activity and to coordinate with law enforcement authorities,” adding that it was bolstering systems that detect and prevent unauthorised access to user information.


What Should I Do if I Was Involved in the Data Breach?

If you used the app in 2018, you would have been notified that you should reset your password. If you used this password on other websites, it’s a good idea to change these passwords too. Regularly check your bank statements to ensure there isn’t any suspicious activity as well as running a full antivirus scan of your computer.

What Can Hackers Do with My Stolen Data?

With enough information, criminals can apply for credit cards and fraudulent accounts in your name. With access to email addresses and passwords, hackers can obtain a significant amount of information.

Signs that your data has been stolen include:

  • Bills or emails showing things you have not ordered
  • Unfamiliar transactions
  • A dip in your credit score
  • Unsolicited communications asking for confirmation of personal data

Though the MyFitnessPal data breach didn’t involve any credit card details being exposed, it would’ve still enabled hackers to access several other aspects of users personal data.

Can I Make a Data Breach Compensation Claim?

If you have had your data stolen, make sure that you know your rights. You can make a data breach compensation claim if an organisation has failed to protect your personal data – regardless of whether you have suffered as a result of the breach or not. If you have experienced financial harm or anxiety, you can make a more significant case.


How Should I Keep My Information Safe to Avoid a Data Breach in the Future?

With data breaches becoming more common, it is essential to keep your data safe. Make sure you are regularly reviewing communications you are receiving to make sure they are legitimate and start using different and secure passwords for different accounts.

Hackers are incredibly smart, so any systems that aren’t updated are at risk of being hacked. Because of this, you should always update your devices and systems as and when they are prompted. This should help to avoid the risk of malware entering the computer.

More than ever before, we’ve relied on technology to keep us fit throughout the pandemic, but this has left us exposed to a number of data breaches. Moving forward, all users of fitness apps should be particularly aware of the dangers to avoid a data breach.


Photos by Ketut Subiyanto from PexelsTima Miroshnichenko from PexelsMikhail Nilov from Pexels, and cottonbro from Pexels.