Fitness tracking data leak: time to stop jogging


French fitness enthusiasts were relieved when the gyms reopened on Wednesday after the coronavirus curbs were loosened – Copyright AFP ISHARA S. KODIKARA

A recent fitness tracking data leak exposed 60 million customer records including GPS logs. The organization affected was New York-based GetHealth, as identified by WebsitePlanet, along with cybersecurity researcher Jeremiah Fowler.

Most of the data sources come from well-known brands like Fitbit and Apple’s HealthKit.

Fowler sent a disclosure notice to the company the safety findings. GetHealth responded and the system was quickly secured. The problem, however, brings the need for robust cybersecurity protection for sensitive data to the fore.

Investigate the incident for Digital diary,Pravin Rasiah, VP of Product, CloudSphere, warns of the vulnerabilities of many health and fitness devices.

Rasiah begins by assessing the amount of personal information collected from handheld devices: “Companies that collect and store sensitive customer information must be extremely vigilant in protecting any information they collect.”

With the specific case ZDNet finds that there were over 61 million records in the data store, including huge amounts of user information including names, dates of birth, weight, height, gender and GPS logs and other records.

This means that consumers should be careful: “Leaving a database open without a password or authentication to prevent unauthorized access is a surefire way to compromise customer information and potentially damage a brand’s reputation.”

Brands have to do more, says Rasiah. He explains: “It is critical that companies can identify security gaps in good time so that sensitive data such as names, dates of birth and GPS logs do not get into the hands of malicious actors.”

Furthermore: “A missing password is often the result of a lack of knowledge of the constantly changing cloud environment. Without this transparency, even basic security measures can all too easily expire or be incorrectly configured. “

It is important to take proactive steps to address these issues. Rasiah recommends, “Organizations should invest in cloud governance automation that enforces security barriers through policies that can prevent or resolve issues in real time.”


Leave A Reply