Whether you are a professional athlete, a casual runner or someone who enjoys tracking your fitness level, you need an app to record progress. There are many of these apps available, and some smartphones come pre-installed with them.
These are great for keeping tabs on your exercise routine, food intake or how many calories you burn. Most people like to keep those details private, but security researchers recently found a massive stash of fitness records exposed through a database that was not password-protected.
Upon further investigation, it turns out that the database belongs to New York City-based company GetHealth. As part of its worldwide services, it stores information from fitness wearables, medical devices and apps. Keep reading to find out what data was exposed and if yours is at risk.
Here’s the backstory
The massive breach spans almost 17GB worth of data, all stored in a plain text file that required no password to access. According to Website Planet, the healthcare sector experiences more data breaches than any other industry. The exposed data of this leak includes information from apps like:
- Sony Lifelog
- Apple HealthKit
- Android Sensor
- S Health
Most of these apps collect data that includes your fitness level, heart rate, profile details, weight and tracking of where you run or stay active. But while those data points don’t seem too bad, other exposed information includes:
- GetHealth ID
- First and last name
- Display names
- Time zone
- What fitness device you are using
Protecting your data
The database has since been secured, but that doesn’t mean the information didn’t already fall into the hands of bad actors. It’s unknown how long the data was exposed or if it made its way onto the Dark Web or black market.
There are ways to see if your information has been exposed, not just in this breach but in any previous hack. You can put your email address into the online tool HaveIBeenPwned and see if the information was compromised.
If you have been affected by this breach, you need to be aware of a couple of things. Scammers can use the data for nefarious things like identity theft and more. So be on the lookout for phishing emails and follow these precautions:
- Don’t let them know your account is active – Never reply to an email from someone who you don’t know. Replying tells spammers your account is active and you’ll receive more spam emails.
- Avoid malicious links – Don’t click on links or download attachments from unsolicited emails. They could be malicious and infect your device with malware or lead to theft of your account credentials.
- Enable 2FA – Set up two-factor authentication for any accounts or services that have it as an option.