Back to Forum Back to Top

Browsing:

Using MyFitnessPal in your research?

Mobile Apps GPS

Back to Forum

Browsing: Using MyFitnessPal in your research?


Camille Nebeker

Posts: 49
posted

Hello CORE Forum,

No doubt you've been following the Cambridge Analytica scandal. Well, today we have a breach from Under Armour's MyFitnessPal https://www.cnbc.com/2018/03/29/under-armour-stock-falls-after-company-admits-data-breach.html

If you are using MFP in your research study, what is your role in sharing information about this breach with your participants? Is there any part of this the may affect your data moving forward (e.g., participants delete the app? drop out of the study?).

Let us know what your thoughts on this!

Camille

Sherry Pagoto

Posts: 1
posted

In my weight loss trials, we encourage participants to use MFP to track their diet as part of the intervention. It's not mandatory to participate, but recommended. We conferred with IRB today and they judged the data breach to be an adverse event and we are contacting participants immediately to let them know about the breach and to change their password and recommending they no longer use this password for their other accounts. I'm curious of other steps folks are taking.

Rubi Linares-Orozco

Posts: 31
posted

Considering I have a MyFitnessPal account, which may or may not have been affected, I will chime from a participants perspective.

I will want to know what information from MFP profile was compromised? (i.e. Username, Height, Gender, Date of Birth, Country, Zip Code, Time Zone, Email Address, Food logs, photos)-

Per MFP affected information included usernames, email addresses, and hashed passwords- You may want to suggest to users to change their passwords.

Also, per MFP, if users receive an email asking them to click a link, do not click on it as this may be a tactic to acquire further data from MFP users- Maybe a caution to research participants to be aware of any "spam like emails" -

MFP has provided a good FAQ to guide users. https://content.myfitnesspal.com/security-information/notice.html and https://content.myfitnesspal.com/security-information/FAQ.html

Forbes has an article out on the details of the data breach: https://www.forbes.com/sites/tonybradley/2018/03/30/security-experts-weigh-in-on-massive-data-breach-of-150-million-myfitnesspal-accounts/#38581c333bba