An unsecured database is behind yet another major data breach. Researchers at vpnMentor found an open database belonging to fitness tech company Kinomap that exposed 42 million records (40GB of data) of its users for at least a month. The database includes personally identifiable information (PII) of users from across 80 countries, including North America, Australia, Japan, the U.K., Belgium, Finland, Hungary, Portugal, France, Germany, the U.S., Canada, and South Korea.
The exposed PII included full names, home country, email addresses, usernames, Kinomap account details, gender, timestamps for exercises, and the date users joined Kinomap. vpnMentor stated that it notified the French firm on March 28, 2020, immediately after the discovery. The database was secured on April 12, 2020, after the French data protection regulator had been informed.
Kinomap creates interactive workout videos with various types of fitness machines, including Peloton products, along with coaching and personal trainer videos, which are uploaded by Kinomap users and professional trainers from around the world.
“Many of the entries contained links to Kinomap user profiles and records of their account activity. Similar to social media accounts, Kinomap profiles can reveal considerable personal details about a user. If a malicious hacker had discovered this database, they could easily combine the information contained in numerous ways, creating highly effective and damaging fraud schemes and other forms of online attack,” vpnMentor said in a statement.
The researchers also claimed that they found access keys for the Kinomap API, which cybercriminals could exploit to hijack accounts. The PII could also be used to launch phishing attacks and identity fraud or to secretly install malware on target devices.
They warned that attackers may target online exercise apps like Kinomap, which have received increased demand due to the current stay-at-home scenario. “With millions of people across the globe now under quarantine at home due to the Coronavirus pandemic, the impact of a leak like this grows exponentially. Unable to access their usual forms of exercise, many people will be turning to apps like Kinomap to stay fit and upbeat during the crisis,” the researchers added.