Fitmetrix fitness software company may have exposed millions of customer records

October 12, 2018

Fitmetrix fitness software company exposed customer data online, a 119GB archive containing name, gender, email address, birth date, height, weight and more

The fitness software company Fitmetrix may have exposed a database hosted on AWS containing millions of customer records. The exposed records included name, gender, email address, birth date, home and work phone, height, weight and much more.

The huge trove of data was discovered by the expert Bob Diachenko using a simple Shodan query for unsecured Elasticsearch installs.


The expert discovered a 119GB archive exposed by Fitmetrix in cloud storage. He noticed two sets of data, one of which was labeled “compromised” and contained a ransom note.

“On October 5th, a member of Hacken security team has been browsing through Shodan looking for exposed Elasticsearch instances which recently could become targets in another spread of ransomware campaigns.” reads a blog post published by Diachenko.

“It appears that the attackers are using a script that automates the process of accessing a database, possibly exporting it, deleting the database, and then creating the ransom note. This script sometimes fails and the data is still available to the user even though a ransom note is created.”

The database includes daily FitMetrix platform audit data in the period between July 15th and Sept 19th 2018. The total number of records in ‘platformaudit’ indexes was 122,869,970, not all containing customer data.

Diachenko estimated that “millions” of other accounts were still likely to have been affected.

Mindbody, which owns FitMetrix, secured the database five days after it was informed of the data leak, on October 10.
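For operators checking their own cluster, the outcome Diachenko describes (a ransom note created while the data is still there) can be told apart from a full wipe by comparing two index inventories. This is an added example, not code from the article or from Hacken; it assumes the JSON shape of Elasticsearch's `_cat/indices?format=json`, that a note shows up as a new index holding only a few documents, and uses constructed index rows.

```python
# Added example: diff two index inventories taken from your own cluster.
# Field names follow `_cat/indices?format=json`; every row below is constructed.

def _docs(row):
    # docs.count arrives as a string and is null for closed indices
    return int(row.get("docs.count") or 0)

def classify(before, after, note_max_docs=5):
    """Compare an earlier and a later inventory and name the outcome."""
    old = {r["index"]: _docs(r) for r in before}
    new = {r["index"]: _docs(r) for r in after}
    # Indices that held data earlier and are now deleted or emptied
    gone = sorted(n for n in old if old[n] > 0 and new.get(n, 0) == 0)
    # Indices that held data earlier and still do
    kept = sorted(n for n in old if old[n] > 0 and new.get(n, 0) > 0)
    # Assumption: a ransom note appears as a new index with very few documents
    notes = sorted(n for n in new
                   if n not in old and 0 < new[n] <= note_max_docs)
    if notes and gone and not kept:
        verdict = "wiped, note left"
    elif notes and kept:
        verdict = "note left, data still present"
    elif gone:
        verdict = "data removed, no note"
    else:
        verdict = "no sign of tampering"
    return {"verdict": verdict, "removed": gone, "intact": kept, "notes": notes}

# Constructed sample inventories (index names are illustrative)
NOTE = {"index": "compromised", "docs.count": "1"}
BEFORE = [
    {"index": "platformaudit-a", "docs.count": "1200"},
    {"index": "platformaudit-b", "docs.count": "900"},
]
AFTER_WIPED = [NOTE]                 # script ran to completion
AFTER_PARTIAL = [BEFORE[0], NOTE]    # one index deleted, one survived
AFTER_FAILED = BEFORE + [NOTE]       # deletion failed, note still written

if __name__ == "__main__":
    for name, snap in [("wiped", AFTER_WIPED), ("partial", AFTER_PARTIAL),
                       ("failed", AFTER_FAILED), ("unchanged", BEFORE)]:
        print(name, classify(BEFORE, snap))
```

A "note left, data still present" verdict means the records remained readable to anyone who could reach the instance, so it should be handled as an exposure and not only as a failed ransom attempt.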


Pierluigi Paganini

(Security Affairs – FitMetrix, data breach)


The post Fitmetrix fitness software company may have exposed millions of customer records appeared first on Security Affairs.

Source: Security affairs
