An Interest In:
Web News this Week
- March 17, 2024
- March 16, 2024
- March 15, 2024
- March 14, 2024
- March 13, 2024
- March 12, 2024
- March 11, 2024
October 11, 2018 03:20 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/HpFGqfj58J8/mindbody-owned-fitmetrix-exposed-millions-of-user-records----thanks-to-servers-without-pas
MindBody-Owned FitMetrix Exposed Millions of User Records -- Thanks To Servers Without Passwords
An anonymous reader writes: FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, has exposed millions of user records because it left several of its servers without a password. The company builds fitness tracking software for gyms and group classes -- like CrossFit and SoulCycle -- that displays heart rate and other fitness metric information for interactive workouts. FitMetrix was acquired by gym and wellness scheduling service Mindbody earlier this year for $15.3 million, according to a government filing. Last week, a security researcher found three FitMetrix unprotected servers leaking customer data. It isn't known how long the servers had been exposed, but the servers were indexed by Shodan, a search engine for open ports and databases, in September. The servers included two of the same ElasticSearch instances and a storage server -- all hosted on Amazon Web Service -- yet none were protected by a password, allowing anyone who knew where to look to access the data on millions of users. Bob Diachenko, Hacken.io's director of cyber risk research, found the databases containing 113.5 million records -- though it's not known how many users were directly affected. Each record contained a user's name, gender, email address, phone numbers, profile photos, their primary workout location, emergency contacts and more. Many of the records were not fully complete.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/HpFGqfj58J8/mindbody-owned-fitmetrix-exposed-millions-of-user-records----thanks-to-servers-without-pas
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot