⚠ 2018 Data Breach: 150 Million Accounts
MyFitnessPal suffered one of the largest fitness app data breaches in history. Usernames, email addresses, and hashed passwords for 150 million users were stolen. Despite this, their data collection practices remain extensive.
🚨 Key Gotchas Found
Extensive Health & Diet Tracking High
MyFitnessPal collects incredibly detailed health data: every calorie logged, weight fluctuations, nutritional deficiencies, meal timing, and eating patterns. This data reveals potential health conditions, disordered eating patterns, and more.
Broad Third-Party Sharing High
Your nutrition and health data is shared with advertising networks, analytics providers, and business partners. Your calorie counts could be used to target weight loss ads across the internet.
Partner App Data Access Medium
Connected apps (over 50+ integrations) get broad access to your food diary, exercise logs, and weight history. Each connected app adds another company with access to your health data.
Premium Features Behind Paywall Medium
Core features like detailed nutrient tracking and food analysis are locked behind Premium subscriptions. Free users get limited insights into the data they're providing.
📊 Score Breakdown
🤔 What This Means For You
MyFitnessPal knows what you eat, when you eat, and how much you weigh - incredibly intimate data that you're sharing with an advertising-driven platform. Given their data breach history and extensive sharing practices, this is concerning.
If you use MyFitnessPal, you should:
- Assume your diet and weight data has been or could be exposed in future breaches
- Minimize connected apps to reduce the number of companies with access to your data
- Use a unique, strong password and enable two-factor authentication
- Consider whether the convenience is worth the privacy trade-off
- Regularly export your food diary data if you want to keep records
- Be aware that your calorie logs could inform targeted advertising