MFP data breach, change your password if you haven't already
retirehappy
Posts: 4,757 Member
In case you missed this when logging in, here is the note from MFP about it. To change your password go to Settings on the myfitnesspal banner, you will find change password link there.
NOTICE OF DATA BREACH
March 29, 2018
To the MyFitnessPal Community:
We are writing to notify you about an issue that may involve your MyFitnessPal account information. We understand that you value your privacy and we take the protection of your information seriously.
What Happened?
On March 25, 2018, we became aware that during February of this year an unauthorized party acquired data associated with MyFitnessPal user accounts.
What Information Was Involved?
The affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords.
What We Are Doing
Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities.
We are taking steps to protect our community, including the following:
We are notifying MyFitnessPal users to provide information on how they can protect their data.
We will be requiring MyFitnessPal users to change their passwords and urge users to do so immediately.
We continue to monitor for suspicious activity and to coordinate with law enforcement authorities.
We continue to make enhancements to our systems to detect and prevent unauthorized access to user information.
What You Can Do
We take our obligation to safeguard your personal data very seriously and are alerting you about this issue so you can take steps to help protect your information. We recommend you:
Change your password for any other account on which you used the same or similar information used for your MyFitnessPal account.
Review your accounts for suspicious activity.
Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.
Avoid clicking on links or downloading attachments from suspicious emails.
For More Information
For more information, please go to https://content.myfitnesspal.com/security-information/FAQ.html.
Sincerely,
Paul Fipps
Chief Digital Officer
NOTICE OF DATA BREACH
March 29, 2018
To the MyFitnessPal Community:
We are writing to notify you about an issue that may involve your MyFitnessPal account information. We understand that you value your privacy and we take the protection of your information seriously.
What Happened?
On March 25, 2018, we became aware that during February of this year an unauthorized party acquired data associated with MyFitnessPal user accounts.
What Information Was Involved?
The affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords.
What We Are Doing
Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities.
We are taking steps to protect our community, including the following:
We are notifying MyFitnessPal users to provide information on how they can protect their data.
We will be requiring MyFitnessPal users to change their passwords and urge users to do so immediately.
We continue to monitor for suspicious activity and to coordinate with law enforcement authorities.
We continue to make enhancements to our systems to detect and prevent unauthorized access to user information.
What You Can Do
We take our obligation to safeguard your personal data very seriously and are alerting you about this issue so you can take steps to help protect your information. We recommend you:
Change your password for any other account on which you used the same or similar information used for your MyFitnessPal account.
Review your accounts for suspicious activity.
Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.
Avoid clicking on links or downloading attachments from suspicious emails.
For More Information
For more information, please go to https://content.myfitnesspal.com/security-information/FAQ.html.
Sincerely,
Paul Fipps
Chief Digital Officer
0
Replies
-
If anyone is interested in starting to use a password manager/generator program here is an excellent place to start to learn about the ones most popular and how to use them.
https://www.howtogeek.com/141500/why-you-should-use-a-password-manager-and-how-to-get-started/0 -
Ahm, this is really really weird, but I tried to change my password and the system has me locked in a downward spiral of password hell.
I'm shocked that I got to this discussion thread: I have clicked on everything.
I changed my password last night, allegedly successfully but when I tried to log in it kept telling me there was an error. I tried so many times that it put me on "time out", lol locked me out and told me to wait an hour. I came back and tried a couple of hours later, and it was like I broke the site; there was a message saying it was down for maintenance.
I tried sending a message to whomever but I doubt that they got it, because the page where you send a message was completely out of kilter and the message box was way over on the left allowing me to only type in 8 letters per line; like typing a letter on a strip of cash register tape. I guess their code people are on vacation.
This morning it is more of the same. I've changed my password again; the system said it was "successful" but when I try to log in it rejects it saying that it's an "incorrect username or password". Well that's stupid because you're directed to login with your email address, not your user name.
I thought maybe this is an attempt to get people to sign up for Premium, but I tried that and--it rejected my password.
It's frustrating on a technical glitch idiocy level when site doesn't work, but I've been logging food with regularity and staying within my calorie goals. I mentioned elsewhere that I signed up for WW but..the points thing.. meh..old dogs/ new tricks, it just doesn't work for me. Infact there are people on WW who log their food on MFP because they want to track carbs, actual calories and sugar. So that tells me what I needed to know...
Meanwhile.
I will keep trying. My plan now includes possibly deleting my current account and re-registering with a new user name, email address and etc etc.
Stay tuned. Maybe I'll see you, and maybe I won't.
UPDATE five minutes later:
I tried to create a new account using a new user name and a new email address, but I got a
"sorry we cannot process your request at this time" message.
WTH
Very aggravating, because when I'm really tracking, it's helpful to keep me mindful about carbs and sugar, etc..
0 -
Cris, my guess is they are updating the secuity software module of MFP. the maintenance error is probably correct. Sometimes when back office is being worked on a website, you can do some things others you get the correct error about maintenance.
I started using MFP because I couldn't stand the website for WW. I tried using WW and just found it so frustrating and it didn't do what I wanted. At the time WW had no scanning codes ability, but the forum software really sucked in my opinion.
Hope you get this reply. Let things settle down, and you should be good to go again. I use the website much more than the app on my phone. I scan codes with the phone but everything else I prefer the PC interface.0 -
I figure it will be a week before I can actually log anything again if I'm lucky. Not sure what glitch has allowed me to post here; for awhile I couldn't get to this site either. :::shhhhh::: It's out little secret.
I've seen the maintenance message before, it's not unusual.
Perhaps if they're having to rebuild the site they should just say so; but people like me who're locked out wouldn't see it anyway so..
Oh. Well.
0 -
I'm switching to SparkPeople.
The MFP site is still having issues and the password re-set function is nonfunctional.
What's hilarious is that I can't even delete my account because I am not logged in and I can't log in...
Also SparkPeople has some functions the MFP site doesn't have, like a food outline designed specifically for diabetics and a blood glucose tracker. Useful.
Ciao.
0