Is MyFitnessPal Safe for Calorie and Fitness Tracking?
MyFitnessPal is a popular calorie counting and fitness tracking app that suffered one of the largest data breaches in history in 2018, exposing 150 million user accounts. The app was sold by Under Armour to Francisco Partners in 2020. While the platform has improved security since the breach, it collects detailed health, dietary, and fitness data that creates a sensitive personal profile. The combination of the breach history, multiple ownership changes, and the intimate nature of health tracking data makes MyFitnessPal a caution-rated service.
What MyFitnessPal Collects
- Detailed food diary including every meal, snack, and calorie count
- Body measurements, weight history, and fitness goals
- Exercise logs and activity data
- Nutritional preferences, dietary restrictions, and eating patterns
- Device data, location, and app usage analytics
Who Sees Your Data
- Francisco Partners (current owner) and MyFitnessPal operations team
- Connected fitness devices and apps through integrations
- Advertising partners who receive behavioral segments
- Social connections if community features are enabled
The 2018 Data Breach
In February 2018, MyFitnessPal disclosed that approximately 150 million user accounts had been compromised. The breach exposed usernames, email addresses, and hashed passwords. While health data was not directly part of the exposed records, the email and password exposure put accounts at risk of credential stuffing attacks. Under Armour, the owner at the time, was criticized for using SHA-1 hashing for some passwords rather than the more secure bcrypt. If you had an account before 2018, assume your credentials were exposed and make sure you have changed your password.
Health Data Sensitivity
MyFitnessPal collects extraordinarily detailed health information including every food you eat, your weight fluctuations, exercise routines, and body measurements. This data creates an intimate picture of your health behaviors, eating disorders, weight struggles, and fitness patterns. Unlike generic browsing data, health information is uniquely sensitive and could be used for insurance discrimination, employment decisions, or personal embarrassment if exposed. Consider the long-term implications of this data existing in corporate systems.
Ownership Changes and Data Governance
MyFitnessPal was acquired by Under Armour in 2015, then sold to private equity firm Francisco Partners in 2020. Each ownership change potentially alters data governance policies and introduces new stakeholders with access to your health data. Private equity ownership typically focuses on maximizing value extraction, which can include monetizing user data more aggressively. Review the current privacy policy carefully, as it may have changed significantly from when you originally created your account.
Recommended Privacy Settings
| Setting | Where | Recommended |
|---|---|---|
| Diary Privacy | Settings > Privacy > Diary Sharing | Set your food diary to private so other users cannot see your eating patterns |
| Third-Party Sharing | Settings > Sharing > Connected Apps | Review and disconnect any fitness apps or devices you no longer use |
| Account Security | Settings > Account > Password | Use a unique strong password and enable two-factor authentication if available |
Safer Alternatives
- A smaller user base means a less attractive target for breaches, with detailed nutrition tracking and better privacy practices
- Keeps health data on your device with iCloud encryption, within Apple's privacy-first ecosystem
Our Verdict
MyFitnessPal carries a caution rating due to the massive 2018 data breach, multiple ownership changes, and the sensitive nature of the detailed health and dietary data it collects. If you use the platform, enable all security features, set your diary to private, and monitor your account for unauthorized access. For new users, alternatives with cleaner security track records and less aggressive data monetization through advertising offer better privacy profiles for health tracking.
Frequently Asked Questions
Was my MyFitnessPal account breached?
If you had a MyFitnessPal account before February 2018, your username, email address, and hashed password were likely part of the 150 million record breach. Check haveibeenpwned.com with your email to confirm. Change your MyFitnessPal password, and change the password on any other accounts where you used the same credentials. The breach did not directly expose food logs or health data, but account access through compromised passwords could reveal that information.
Does MyFitnessPal share my health data with advertisers?
MyFitnessPal's privacy policy allows sharing of aggregated and anonymized data with advertising partners. The app displays targeted ads based on your usage patterns. While specific food diary entries are not shared directly with advertisers, behavioral segments derived from your health and fitness data may inform ad targeting. A Premium subscription removes ads but may not eliminate all data processing for marketing purposes. Review the current privacy policy for specific details on data sharing with advertising partners.
Should I switch from MyFitnessPal after the breach?
The breach occurred in 2018 and MyFitnessPal has since improved its security practices. If you have changed your password and enabled additional security measures, the immediate breach risk is resolved. However, the combination of breach history, ownership changes, and the sensitive nature of long-term health data is worth considering. If you have years of health data in MyFitnessPal, exporting it for personal records before evaluating alternatives is a good first step regardless of your decision.