MyFitnessPal

In February 2018 the health and fitness tracking service MyFitnessPal suffered a massive data breach affecting millions of users. The incident involved an unauthorized party gaining access to user accounts and extracting sensitive information. The compromise included a vast collection of unique email addresses combined with usernames and IP addresses. Security researchers noted that passwords were stored as SHA-1 and bcrypt hashes. While the bcrypt hashes remained relatively secure the SHA-1 hashes were later decrypted and the data was widely circulated across various underground forums and public platforms.