MindBody-owned FitMetrix revealed to have exposed millions of user records
FitMetrix, the activity technology and performance tracking company owned by fitness management software company Mindbody, has exposed millions of user records because it left several of its servers without a password.
FitMetrix, which was acquired by gym and wellness scheduling service Mindbody earlier this year for US$15.3 million, builds fitness tracking software for gyms and group classes that displays heart rate and other fitness metric information for interactive workouts.
As reported by TechCrunch, a security researcher found last week that three unprotected FitMetrix servers had been leaking customer data.
At this time it is not known how long the servers had been exposed, but the servers were indexed by Shodan, a search engine for open ports and databases, in September.
The servers included two hosted on Amazon Web Services which were not protected by a password, allowing anyone who knew where to look to access the data on millions of users.
Bob Diachenko, Hacken.io’s Director of Cyber Risk Research, found the databases containing 113.5 million records, with TechCrunch advising that it is not known how many users were directly affected.
Each record contained a user’s name, gender, email address, telephone numbers, profile photographs, primary workout location and emergency contacts, although many of the records were not fully complete.
Diachenko, who wrote up his findings, contacted the company via the email address earlier this month but the company only secured the server after TechCrunch reached out.
Jason Loomis, Mindbody’s Chief Information Security Officer, advised “we recently became aware that certain data associated with FitMetrix technology stored online may have been publicly exposed.
“We took immediate steps to close this vulnerability.
“Current indications are that this data included a subset of the consumers managed by FitMetrix, which was acquired by Mindbody in February 2018, and did not include any login credentials, passwords, credit card information or personal health information.”
Diachenko rebuffed Mindbody’s claim, saying that, based on his analysis, there was “some” health information in the data.
TechCrunch also found several records including height, weight and shoe sizes.
When asked to clarify by TechCrunch, Mindbody spokesperson Jennifer Saxon would not comment further.
It’s not known how many people accessed the database, but Diachenko said that he wasn’t the first to find the exposed database.
A ransom note was buried in one of the tables by a scammer who claimed to have downloaded the database’s contents and would only restore it for bitcoin. But the scammer wasn’t so successful and failed to delete the data. Although the scammer asked for 0.1 bitcoin (US$650), their bitcoin address received only 0.13 bitcoin at its most.
Mindbody said that it will “comply with all applicable legal obligations” in reporting the data exposure to U.S. and European authorities, but wouldn’t say if it will inform customers of the security lapse.
The company may also face action from European authorities under the General Data Protection Regulation (GDPR), the new data protection regulation, which can fine a company up to four percent of its global revenue for data breaches and negligent data exposures.