If you’re one of the 20 million people who have used the health and fitness app 8fit, your personal data and information may have been compromised in a recent data breach of the company
8fit announced this week that it became aware of a cyber attack affecting approximately 20 million of its users worldwide. 8fit announced that the breach occurred some time in July 2018 but only became aware of it this month. The company said that the potentially compromised data includes names, email addresses, and hashed passwords. A “hashed password” is a password that has been encrypted, but some hashing techniques have been cracked by hackers in order to expose the clear-text password. Additionally, in some cases, 8fit users’ gender, IP address, expired Facebook authentication token, and profile picture were also compromised.
8fit does claim, however, that no payment information, credit card numbers, or conversations and communications between 8fit users and their fitness coaches were obtained in the breach. 8fit does not collect social security numbers.
The company is encouraging all users to change their account passwords as well as change passwords to any other accounts for which they use the same or similar password. For example, if your 8fit password was “Healthy123,” and you’ve used this same password on other sites, apps, or services, you should change all passwords immediately.
At this time, 8fit does not know who is responsible for the cyber attack, but the company is notifying all of its users as a precaution. As is often the case in data breaches, hackers will use the obtained personally identifiable information, such as passwords, usernames, and email addresses in an attempt to gain unauthorized access to other services for which a user has the same password. Remember to always use a different password for each and every service, app, and account you have. Use a free password management service like 1Password or LastPass to help you generate and store secure passwords.