What Happened
In July 2018, the fitness app 8fit suffered a data breach affecting approximately 15-20 million users worldwide, with the company becoming aware of it in February 2019 when the stolen data surfaced for sale on dark web marketplaces. The exposed information included email addresses, names, bcrypt-hashed passwords, gender, IP addresses, countries of residence, expired Facebook authentication tokens, and profile pictures, though no payment details, credit card numbers, social security numbers, or user-coach communications were compromised. 8fit confirmed the incident via official notice, urged users to change passwords (especially reused ones), collaborated with security firms and law enforcement, and implemented measures to secure systems, with accounts created after July 2018 unaffected. The breach highlighted risks in fitness apps, prompting notifications to all users and data addition to sites like Have I Been Pwned in March 2019.
