⚠ 2018 Data Breach: 150 Million Accounts

MyFitnessPal suffered one of the largest fitness app data breaches in history. Usernames, email addresses, and hashed passwords for 150 million users were stolen. Despite this, their data collection practices remain extensive.

🚨 Key Gotchas Found

Extensive Health & Diet Tracking (High)

MyFitnessPal collects incredibly detailed health data: every calorie logged, weight fluctuations, nutritional deficiencies, meal timing, and eating patterns. This data reveals potential health conditions, disordered eating patterns, and more.

"We collect information about your diet, nutrition, weight, fitness activities, goals, and other health-related information you choose to provide."

Broad Third-Party Sharing (High)

Your nutrition and health data is shared with advertising networks, analytics providers, and business partners. Your calorie counts could be used to target weight loss ads across the internet.

"We share your information with third-party advertising partners, analytics providers, and business partners to provide targeted advertising and measure effectiveness."

Partner App Data Access (Medium)

Connected apps (50+ integrations) get broad access to your food diary, exercise logs, and weight history. Each connected app adds another company with access to your health data.

"When you connect third-party apps and services, you authorize us to share your MyFitnessPal data with those services."

Premium Features Behind Paywall (Medium)

Core features like detailed nutrient tracking and food analysis are locked behind Premium subscriptions. Free users get limited insights into the data they're providing.

"Advanced features including detailed macronutrient tracking, food analysis, and insights are available to Premium subscribers only."

📊 Score Breakdown

Health Data Protection 8/30
Third-Party Sharing 5/20
Subscription Fairness 9/15
Data Portability 8/15
Deletion Rights 4/10
Dispute Resolution 4/10

🤔 What This Means For You

MyFitnessPal knows what you eat, when you eat, and how much you weigh - incredibly intimate data that you're sharing with an advertising-driven platform. Given their data breach history and extensive sharing practices, this is concerning.

If you use MyFitnessPal, you should:

  • Assume your diet and weight data has been exposed or could be exposed in future breaches
  • Minimize connected apps to reduce the number of companies with access to your data
  • Use a unique, strong password and enable two-factor authentication
  • Consider whether the convenience is worth the privacy trade-off
  • Regularly export your food diary data if you want to keep records
  • Be aware that your calorie logs could inform targeted advertising