Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
MyFitnessPal Data Breach Impacts 150 Million User Accounts
- Thread starter MacRumors
- Start date
- Sort by reaction score
Why is this even news here? So someone got a hold of a list of peoples email addresses. That happens daily, usually as email address harvesting by email spammers. So what?
I dont remember having to provide that information when I signed up. I had the free account. The hackers have my email address (Which was already compromised by Adobe some years back) height and weight, but thats about all for me. Don't ever recall providing my address or credit card number. Maybe those who signed up and paid for Premium services were hit harder.
Just deleted my account. Never used it anyways.
Just be sure you’re not reusing passwords across sites! A common thing now is to take these lists with email login + password and hit other sites hoping to get lucky that you reused your password at a bank or email account and then screw you over.
Serious question, how do you know who wrote it? MacRumors has multiple contributors and I never know who wrote what unless they respond in the thread and claim credit.
This font could stand to do a few crunches and eat some veggies. It's a bit overweight.
I use Asken Diet. www.askendiet.com/get I like it for the nutritional advice from their AI dietitian.
why on earth would sites need such personal information like driver license and SSN? if i see one that asks for it and aren't governement website / for official business like tax stuff / applying for visa etc etc, i wont want to give it out at all.
why are people enabling these social giants to obtain these kind of informations. i hope some bravesoul would just come out and do a huge class action lawsuit against these social giants for collecting personal information because this would always end up getting hacked and they walk away scott free. even their shares on the stock market doesnt change much at all. life is unfair
why are people enabling these social giants to obtain these kind of informations. i hope some bravesoul would just come out and do a huge class action lawsuit against these social giants for collecting personal information because this would always end up getting hacked and they walk away scott free. even their shares on the stock market doesnt change much at all. life is unfair
I checked and didn't see it but then I clicked on the parma-link to the article and did. I always click on the link to articles that display the full comments; it appears that version doesn't have the byline. If I click to the version that has the "top rated comments" it does display the name. I really dislike that format though and only normally go there if it's a long article that has a "click here for the full article" link.
@MacRumors you should consider adding the byline information to the full comments version of articles as well. Currently it doesn't exist. Would also be nice to not have to use that "top rated comments" format for long articles.
In any case, thank you Chucker, I learned something today
I have changed the password on MyFitnessPal account and the email associated with it, I have various accounts for apps and websites which use the same password I used for MyFitnessPal but the accounts aren’t associated with MyFitnessPal or the email associated my MyFitnessPal account so am I safe not changing the passwords for other apps or websites I am registered to
For the love of God Please read other post. This isn't even a long thread. MacRumors' Juli Clover writing on this is terrible. They cut to much info about the Driver's license and SSN. It never was collected
Here's what MFP says
"
What Information Was Involved?
The affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords."
Seems a lot of reporters are adding the part about SSN and Drivers license not be taking to their stories. Without being clear about it not even being collected.
If the breacher now has your email, and a way to decrypt your password, they can begin attempts to log in to other apps/websites.
Change your passwords on other sites. I know... it sucks.
Hi, thanks for your reply. I have 2 emails, only one was used for MyFitnessPal and my other email isn’t associated with MyFitnessPal or the email I used for MyFitnessPal, the email I used for MyFitnessPal had no information on my other email address, could these hackers still get in to my other email which isn’t anything to do with the other email
[doublepost=1522601151][/doublepost]Also what are hashed passwords because MyFitnessPal stated that it was hashed passwords which were stolen
You are likely safe... If one email account was possibly accessible though through similar email logins, that's a potential hole. Also, your colleagues/yourself should be on the lookout for emails that allegedly are sent by yourself, containing suspicious links/attachments.
A hashed password is a secured way of storing some data typically with a hash generator, and a known key.
We know the hashed password text has been taken by the culprits, they know what hash generator was used, now they need to know the key. Once/if that is known, that's a bunch of emails and passwords now known by the culprit that can be potentially be used for scanning/testing other services accounts with the emails and similar passwords, and for now at the very least, the culprits now know of a lot of emails that were used at one point.
A hashed password is a secured way of storing some data typically with a hash generator, and a known key.
We know the hashed password text has been taken by the culprits, they know what hash generator was used, now they need to know the key. Once/if that is known, that's a bunch of emails and passwords now known by the culprit that can be potentially be used for scanning/testing other services accounts with the emails and similar passwords, and for now at the very least, the culprits now know of a lot of emails that were used at one point.
If by key you mean salt, bcrypt stores the salt as part of the string, so we have that. The salt’s purpose is only to prevent rainbow tables.