{"id":21025,"date":"2018-04-01T21:12:34","date_gmt":"2018-04-02T01:12:34","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=21025"},"modified":"2018-11-26T14:09:35","modified_gmt":"2018-11-26T19:09:35","slug":"myfitnesspal-data-breach","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2018\/04\/01\/myfitnesspal-data-breach\/","title":{"rendered":"MyFitnessPal Data Breach"},"content":{"rendered":"<p><a href=\"https:\/\/content.myfitnesspal.com\/security-information\/FAQ.html\">MyFitnessPal<\/a>:<\/p>\n<blockquote cite=\"https:\/\/content.myfitnesspal.com\/security-information\/FAQ.html\">\n<p>On March 25, 2018, we became aware that during February of this year an unauthorized party acquired data associated with MyFitnessPal user accounts.<\/p>\n<p>[&#8230;]<\/p>\n<p>The affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords.<\/p>\n<\/blockquote>\n\n<p>So, apparently none of the app-specific data.<\/p>\n\n<p><a href=\"https:\/\/daringfireball.net\/linked\/2018\/03\/30\/under-armour-hack\">John Gruber<\/a>:<\/p>\n<blockquote cite=\"https:\/\/daringfireball.net\/linked\/2018\/03\/30\/under-armour-hack\">\n<p>It&rsquo;s a little scary that this went undetected for a month. Makes me wonder how many of these data breaches are never noticed.<\/p>\n<\/blockquote>\n\n<p>Update (2018-04-03): <a href=\"https:\/\/blog.agilebits.com\/2018\/04\/02\/myfitnesspal-shows-how-to-handle-a-breach\/\">Dave Teare<\/a>:<\/p>\n<blockquote cite=\"https:\/\/blog.agilebits.com\/2018\/04\/02\/myfitnesspal-shows-how-to-handle-a-breach\/\">\n<p>Many companies hide from the truth and make things much worse for themselves and their customers. Instead, MyFitnessPal did it right. Not only did they handle the disclosure with finesse, they also had excellent systems in place to limit the exposure of the leak.<\/p>\n<p>MyFitnessPal provides a great case study on how to handle a data breach and protect customer information.<\/p>\n<p>[&#8230;]<\/p>\n<p>For those looking to learn more about the MyFitnessPal breach, Troy Hunt started his <a href=\"https:\/\/www.troyhunt.com\/weekly-update-80\/\">Weekly Update 80<\/a> with a full discussion on the subject that I found very intriguing, especially the strategy on how to migrate from a SHA-1 hash to using bcrypt.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>MyFitnessPal: On March 25, 2018, we became aware that during February of this year an unauthorized party acquired data associated with MyFitnessPal user accounts. [&#8230;] The affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords. So, apparently none of the app-specific data. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2018-11-26T19:09:37Z","apple_news_api_id":"1fe6e8d5-d0d4-4795-b544-8894f0391a48","apple_news_api_modified_at":"2018-11-26T19:09:38Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/AH-bo1dDUR5W1RIiU8DkaSA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[],"tags":[1755,31,1472,26,1614,355,96],"class_list":["post-21025","post","type-post","status-publish","format-standard","hentry","tag-breach","tag-ios","tag-ios-11","tag-iosapp","tag-myfitnesspal","tag-privacy","tag-web"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/21025","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=21025"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/21025\/revisions"}],"predecessor-version":[{"id":21056,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/21025\/revisions\/21056"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=21025"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=21025"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=21025"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}