Connect with us

Hi, what are you looking for?


Fitness tracking record data leak: Time to stop jogging on

Fitbit and Apple’s HealthKit have been linked to exposed personal data.

US 'to buy 500 mn doses for world' as curbs ease in Europe
French fitness enthusiasts have been relieved to see gyms reopen under Wednesday's relaxation of coronavirus curbs - Copyright AFP ISHARA S. KODIKARA
French fitness enthusiasts have been relieved to see gyms reopen under Wednesday's relaxation of coronavirus curbs - Copyright AFP ISHARA S. KODIKARA

A recent Fitness Tracking Record Leak exposed 60 million customer records including GPS logs. The impacted organization was New York-based company GetHealth, as identified by WebsitePlanet, together with cybersecurity researcher Jeremiah Fowler.

The majority of data sources were found to have originated from popular brands like Fitbit and Apple’s HealthKit.

Fowler sent a disclosure notice to the company of the security findings. GetHealth responded and the system was secured rapidly. However, the issue brings to the fore the need for robust cybersecurity protection when it comes to sensitive data.

Looking into the incident for Digital Journal ,Pravin Rasiah, VP of Product, CloudSphere, warns about the vulnerabilities presented by many types of health and fitness devices.

 Rasiah begins by assessing the extent of personal data captured by wearable devices: “Companies collecting and storing sensitive customer information must be hypervigilant in protecting all of the data they collect.”

With the specific case, ZDNet finds that over 61 million records were contained in the data repository, including vast quantities of user information, including names, dates of birth, weight, height, gender, and GPS logs, among other datasets. 

This means consumer beware: “Leaving a database exposed without a password or authentication to prevent unauthorized entry is a surefire way to endanger customer information and potentially damage a brand’s reputation.”

Brands need to do more, says Rasiah. He explains: “It is crucial that enterprises have the ability to identify security flaws in a timely manner so that sensitive data such as names, birthdates and GPS logs stay out of the hands of malicious actors.”

Furthermore: “A missing password is often the result of lack of awareness into the constantly changing cloud environment. Without this visibility, it is far too easy for even basic security measures to lapse or be misconfigured.”

In terms of taking proactive steps to address these issues is important. Rasiah recommends: “Companies should invest in automation for cloud governance that enforces security guardrails via policies that can prevent or remediate issues in real-time.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:


Artillery battles have engulfed the streets of Severodonetsk, leaving trapped residents such as Klaudia Pushnir, 88, with little hope - Copyright AFP/File Behrouz MEHRIDmitry...


Ford iMotor Co. ssued recalls, totaling 350,000 vehicles that include some Ford Expedition and Lincoln Navigator SUVs.


Health authorities in North America and Europe have detected dozens of suspected or confirmed cases of monkeypox since early May.


North Korea has carried out a record-breaking blitz of missile launches this year - Copyright AFP/File JUNG YEON-JESunghee Hwang and Claire LeeNorth Korea is...