An exposure online has affected more than 61 million records from an unsecured database related to wearable technology and fitness services. Cybersecurity researchers reported last Monday that the exposed database belongs to GetHealth.
GetHealth is an organization based in New York which prides itself as a combined solution to access health and wellness data for hundreds of wearables, medical devices, and applications. The platform of GetHealth can roll out health-related data from many different resources such as Misfit Wearables, Fitbit, Strava, Google Fit, and Microsoft Band.
Unfortunately, last June 30 this year, researchers discovered that the firm’s online database, which consists of many records, is not password protected, making it unsecured from potential threats. More than 61 million records are stored in the exposed database and consist of sensitive information such as names, birthdays, genders, height, weight, GPS logs, and more.
As the researchers sampled some sets of about 20,000 records in verifying the exposed data, it was discovered that most data sources came from Apple’s HealthKit application and Fitbit.
In addition to the findings, the information is in plain text, while some IDs appeared to have been encrypted. The exposed data also shows where the data is stored and a blueprint of the network’s process in executing operations from the backend.
The 16.71GB worth of exposed database was referenced towards GetHealth as the potential owner.
When these data were validated and discovered, researchers have reached out to the firm to notify them about the findings. The GetHealth team has responded quickly upon being informed and has secured their systems within few hours. They have informed the security researchers about resolving the issue as soon as possible and were grateful for the immediate notification.
Nonetheless, researchers expressed that it is unknown how long the records were exposed and who may have had access to the database. GetHealth has once again been contacted by researchers regarding the issue. However, feedback is still afloat.