Data of 61 million Fitbit and Apple users exposed on web

196

All those using Fitbit trackers and wearables, here’s a news piece that needs your immediate attention. Reports are in that an unsecured database led to the exposure of over 61 million records of users related to Fitbit and Apple Healthkit repository users.

WebsitePlanet researchers team led by Jeremiah Fowler have discovered a database that wasn’t secured with a password, leaving stored data exposed to anyone who had a PC and mouse on hand. The unsecured database in question belongs to GetHealth, that offers wellness services to hundreds of users using wearables, medical devices and health related apps on their smart phones.

A source from WebsitePlanet that offers services to build and market websites says that the exposure of data happened because of a configuration error and was discovered on June 30th,2021.

Although the susceptibility was fixed on an immediate note by July 7th this year, the IT staff of GetHealth are unsure on who could have accessed the data when it was left open with no security protection in place.

Data related Apple Healthkit which acts as a central repository for storing health and fitness related data from iPhones and iWatch was also exposed and that includes information such as first and last name, display name, DOB, weight & height of the user, geolocation and several such records.

GetHealth not only offers wellness services to fitbit or Apple users but also acts as a cloud storage platform for users related to Jawbone UP, Google Fit, Microsoft, Sony Lifelog, Withings, and Android Sensors.

Note- As the wearable technology data was analyzed and stored for personal use, there is no need to abide by HIPAA regulations.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security