Recently, an unsecured database led to the exposure of more than 61 million records on wearable technologies and fitness services.
According to WebsitePlanet and Jeremiah Fowler, a cybersecurity researcher, the exposed database belongs to GetHealth.
New York-based GetHealth provides access to health and wellness-related data from numerous medical devices, wearables, and apps. Some famous names from which it obtains health-related data are Starva, Fitbit, Microsoft Band, HealthKit, Google Fit, and Misfit Wearables.
The database was discovered online for the first time on June 30, 2021, and it wasn’t password protected. It was in plain text, and an encrypted ID was also included. The geo-location were “America/New_York,” “Europe/Dublin,” and other user locations “all over the world.”
The researcher confirmed that the data repository had more than 61 million records, including sensitive information about users, such as names, DOB, gender, height, weight, GPS logs, and others. Out of this, most data was from Apple’s HealthKit and Fitbit.
The 16.71 GB database contained references to GetHealth, indicating that this company is the potential owner. The leaked data was verified the same day it was discovered. When GetHealth learned of the breach, it took urgent steps to protect its servers.
WebsitePlanet further says that it’s unknown for how long these records had been exposed or who else could have accessed the data. It won’t be wise to blame GetHealth, its partners, or customers because there is no evidence against any of them.
Also, there is no evidence that any customer or user data has been hacked. Moreover, the number of people affected before the database was restricted from the public is also unknown.
Some questions remain unanswered, and GetHealth has yet to respond. Further updates about the situation will be available after their responses.