Data Hack / Emails Taken
cory_foy — Nov 14, 2017 09:29AM PST
This morning I started receiving obvious spam messages to the email address I've registered for My Fitness Pal (and only for My Fitness Pal). This is usually indicative of either a data breach or a partner data breach. Happy to share more information.
1 Community Answers
Ripley MyFitnessPal Agent Nov 14, 2017 11:07AM PST
Thank you so much for alerting us to spam you’re receiving from an email address unique to your MyFitnessPal account.
In the Spring of 2013, we learned of reports of MyFitnessPal users receiving spam at the email address tied to their MyFitnessPal account. We take security and privacy very seriously and as a result, we immediately formed a security task force and hired a professional security firm to conduct a thorough investigation to see whether our systems had been breached.
As of today, here’s what our investigation has yielded: we did not find any evidence that passwords or other personal information were compromised. However, we did find a way through which someone could have obtained user email addresses. We worked quickly to fix the issue, and put several additional security measures in place to help prevent similar incidents in the future. We will continue to be vigilant to protect your information. Sadly, I suspect the harvested list has recently been re-sold, resulting in an increase of reports. At the present time we have not heard from any users who created accounts after late-April 2013, when we changed our security measures.
As always, please be careful about responding to email communications from people claiming to be employees of MyFitnessPal. In particular, remember that no MyFitnessPal employee will ever ask you for your password or other sensitive information. If you wish to change your MyFitnessPal password, you may easily do so by following these instructions: http://myfitnesspal.desk.com/customer/portal/articles/1029658
If you can, please forward a sample of the spam (with the header) to firstname.lastname@example.org. Help for finding the full header information using most popular email clients or websites may be found here: https://kb.mediatemple.net/questions/893/How+do+I+view+email+headers+for+a+message%3F
We sincerely apologize for any inconvenience this may cause. If you have any questions, please do not hesitate to contact our security team at email@example.com.
You may also review our public post related to this incident on our blog: http://blog.myfitnesspal.com/an-important-update-about-your-myfitnesspal-account/ . Due to several changes in our blog site since the security incident, this older article looks a little rough around the edges, but the content is accurate and available there.