Dear MyFitnessPal Users,
You might have heard about a widespread internet security vulnerability called Heartbleed, and you may be wondering whether it impacts MyFitnessPal. Heartbleed is a bug that security researchers recently discovered in a core encryption library that secures most internet sites.
This issue is projected to affect as many as two-thirds of sites across the web. Fortunately, we have no evidence that any of our users’ data has been breached. Nevertheless, as soon as this disclosure was made public, we immediately upgraded all of our systems to mitigate any potential issues.
(Update 4/11/2014: To be specific, we patched the vulnerability and updated our SSL certificate with new private [and corresponding public] keys. We have since also requested and deployed an entirely new SSL certificate and revoked our old certificate, to eliminate any confusion.)
Due to the potential severity of this bug, we would like to suggest that you take two simple steps:
1. Change your MyFitnessPal password. Here’s how.
2. Disconnect and immediately reconnect your connected accounts (like Fitbit or Runtastic). This will refresh your authentication tokens and increase your security.
At MyFitnessPal, the security and privacy of your data are important to us. Again, we have no reason to believe that any data was actually compromised. We will continue to monitor this threat and will keep you informed going forward.
Vice President of Engineering, MyFitnessPal