Connect with us

Hi, what are you looking for?

Tech & Science

Fitness brand leaks personal data linked to fitness trainers (Includes interview)

The data loss impacting fitness brand V Shred has exposed personal data connected to some 99,000 prospective customers, current clients and trainers. The exposed files contained names, home addresses, email addresses, dates of birth, some Social Security numbers, social media accounts details, usernames and passwords, age ranges, genders, and citizenship status.

Looking into the issue for Digital Journal, Chris DeRamus, VP of Technology, Cloud Security Practice, Rapid7 says that the unsecured database is too common a problem and one overlooked by too many firms. Indeed, many cloud mishaps occur due to misconfigurations at the point of set-up.

With this, DeRamus notes: “Leaving a database publicly accessible without any security barriers in place is one of the most common yet easily preventable causes of data leaks and breaches. In fact, data breaches involving cloud misconfigurations increased by 80 percent from 2018 to 2019.

He adds that not thinking through the appropriate set-up and configuration of a customer interacting service is key: “With the self-service nature of the cloud, users may not be adequately familiar with cloud security settings and best practices, resulting in devastating data leaks, such as this incident involving the exposure of personally identifiable information belonging to V Shred customers and trainers. Although any evidence of misuse has not been confirmed, the information that was exposed is highly valuable to bad actors, who harvest this kind of data to sell on dark web marketplaces or to launch future attacks against the impacted individuals.”

In terms of the implications, DeRamus explains: “This exposure of customer data highlights why developers and security teams need to work together to proactively identify cloud compliance and security issues before cloud resources are deployed.”

As to what is to be done, DeRamus recommends: “Organizations should not rely solely on runtime security and instead must “shift left” by taking preventative measures early on in their continuous integration and continuous delivery pipelines. This approach will allow organizations to prevent security issues including cloud infrastructure misconfigurations from ever occurring, thereby preventing data breaches and leaks.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

World

For nearly 90 years, anyone in France needing to know what time it is down-to-the-second could ring up the Paris Observatory.

World

Russia's invasion of Ukraine has exacerbated concerns about oil supplies, sending prices to record highs this year.

Business

Salmonella bacteria have been discovered in the world's biggest chocolate plant, run by Swiss giant Barry Callebaut in the Belgian town of Wieze.

World

The Czech Republic will take over the rotating six-month presidency of the European Union on Friday with all eyes on Ukraine.