ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

MyFitnessPal Data Breach

myfitnesspal.com
Massive exposure
Verified breach Passwords exposed
Accounts exposed 143,606,147
Breach date 01 Feb 2018
Added to tracker 21 Feb 2019
Data classes 4

What happened

In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly.

Exposed data

Email addresses IP addresses Passwords Usernames

Recommended actions

  • Change your MyFitnessPal password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing MyFitnessPal โ€” attackers weaponise breach data quickly.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP