Unsecured Database Exposes More Than 60 Million Wearable, Tracking Records

Unsecured Database Exposes More Than 60 Million Wearable, Tracking Records

Recently, an unsecured database led to the exposure of more than 61 million records on wearable technologies and fitness services.

According to WebsitePlanet and Jeremiah Fowler, a cybersecurity researcher, the exposed database belongs to GetHealth.

New York-based GetHealth provides access to health and wellness-related data from numerous medical devices, wearables, and apps. Some famous names from which it obtains health-related data are Starva, Fitbit, Microsoft Band, HealthKit, Google Fit, and Misfit Wearables.

The database was discovered online for the first time on June 30, 2021, and it wasn’t password protected. It was in plain text, and an encrypted ID was also included. The geo-location were “America/New_York,” “Europe/Dublin,” and other user locations “all over the world.”

The researcher confirmed that the data repository had more than 61 million records, including sensitive information about users, such as names, DOB, gender, height, weight, GPS logs, and others. Out of this, most data was from Apple’s HealthKit and Fitbit.

The 16.71 GB database contained references to GetHealth, indicating that this company is the potential owner. The leaked data was verified the same day it was discovered. When GetHealth learned of the breach, it took urgent steps to protect its servers.

WebsitePlanet further says that it’s unknown for how long these records had been exposed or who else could have accessed the data. It won’t be wise to blame GetHealth, its partners, or customers because there is no evidence against any of them.

Also, there is no evidence that any customer or user data has been hacked. Moreover, the number of people affected before the database was restricted from the public is also unknown.

Some questions remain unanswered, and GetHealth has yet to respond. Further updates about the situation will be available after their responses.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.