Skip to main content

Publicly Exposed Fitmetrix User Data

Posted by Julia

In the News 

Social media platforms and tech giants aren’t the only companies struggling to secure user data. In MindBody-owned Fitmetrix Exposed Millions of User Records-Thanks to Servers Without Passwords, Zach Whittaker at TechCrunch discusses a vulnerability in Fitmetrix’s data storage that left servers containing millions of user records exposed to the public. Whittaker explains that certain servers were not secured with a password leaving personal information easily accessible. While Whittaker reports that MindBody has secured the affected servers, he clarifies that the company has not yet issued a direct response to its customers regarding the incident.  

Our Take 

We often do not think about the security of our account information when the account acts as a bridge between other services. Accounts containing financial or medical information are often the accounts customers value the protection of the most. However, using cloud-based services such as Fitmetrix requires the same amount of vigilance on the consumer’s end to ensure that sensitive information is stored as securely as possible. The dangers that arise when companies fail to adequately protect user data includes potential identity theft and physical threats if location tracking information is compromised. While MindBody insisted that financial information was not accessible, the data that was exposed, including full contact information and geographical trends of users could jeopardize the physical safety of users. When inputting information into any online account, think about the information you are providing before you enter every last detail of your life into a company used by millions. 

Recommendations 

Follow Northwestern Information Security’s tips to be proactive about securing your data:  

  • Understand the risks of putting your personal information into the world, and only share what you have to  
  • Minimize the number of accounts that have direct access to your bank account or card numbers 
  • Don’t reuse your account passwords, and take advantage of multi-factor authentication where possible.
  • Stay up to date on news regarding recent fraud and phishing attacks to see if you may have been affected

Leave a Comment