Filippo Morgante13/09/2021 ore 22:28
On June 30, a site research team WebsitePlanet, in collaboration with the security researcher Jeremiah Fowler, had discovered the presence of a database not password protected which contained over 61 million records stemming from fitness monitoring devices belonging to users around the world. Going deeper, the researchers then identified numerous references to “GetHealth“, A New York-based company that offers a unified solution for accessing health and wellness data from hundreds of wearable medical devices and apps.
ALSO READ: GoPro Hero 10 Black: specifications and prices before launch
Fortunately, it was people who discovered this flaw they had no malicious purposes, and then reported everything to the company concerned which in turn proceeded toimmediate securing. As you can also see from the images in the galleria at the end of the article, the records contained many sensitive data of users such as: name and surname, display name, date of birth, weight, height, gender, geographic location and more. All this information was clearly legible, while an ID was encrypted.
Out of a sample of about 20,000 records, the wearables cited as the source of this data were manifold. The largest number of instances belonged to Healthkit Apple (17,764), while in second place it was positioned Fitbit (2,766 occurrences). Also other apps and devices they may have been hit. GetHealth is in fact able to synchronize data from the following: 23andMe, Daily Mile, FatSecret, Fitbit, GoogleFit, Jawbone UP, Life Fitness, MapMyFitness, MapMyWalk, Microsoft, Misfit, Moves App, PredictBGL, Runkeeper, Sony Lifelog, Strava, VitaDock , Withings, Apple HealthKit, Android Sensor, S Health. The total size of the exposed files was equal to 16,71 GB, within which they were registered 61,053,956 lines.