If you are using MFP in your research study, what is your role in sharing information about this breach with your participants? Is there any part of this the may affect your data moving forward (e.g., participants delete the app? drop out of the study?).
Let us know what your thoughts on this!
In my weight loss trials, we encourage participants to use MFP to track their diet as part of the intervention. It's not mandatory to participate, but recommended. We conferred with IRB today and they judged the data breach to be an adverse event and we are contacting participants immediately to let them know about the breach and to change their password and recommending they no longer use this password for their other accounts. I'm curious of other steps folks are taking.
Considering I have a MyFitnessPal account, which may or may not have been affected, I will chime from a participants perspective.
I will want to know what information from MFP profile was compromised? (i.e. Username, Height, Gender, Date of Birth, Country, Zip Code, Time Zone, Email Address, Food logs, photos)-
Per MFP affected information included usernames, email addresses, and hashed passwords- You may want to suggest to users to change their passwords.
Also, per MFP, if users receive an email asking them to click a link, do not click on it as this may be a tactic to acquire further data from MFP users- Maybe a caution to research participants to be aware of any "spam like emails" -