Fitness Brand Leaks PII of 90K Fitness Trainers and Customers – Expert Commentary

Security researchers found an unsecured AWS S3 bucket belonging to fitness brand V Shred that exposed the personally identifiable information (PII) of roughly 99,000 prospective customers, current clients, and trainers. Files contained names, home addresses, email addresses, dates of birth, some Social Security numbers, social media accounts details, usernames and passwords, age ranges, genders, and citizenship status, and much more.

Chris DeRamus , VP of Technology Cloud Security Practice,  Rapid7
July 03, 2020
The information that was exposed is highly valuable to bad actors, who harvest this kind of data to sell on dark web marketplace.
Leaving a database publicly accessible without any security barriers in place is one of the most common yet easily preventable causes of data leaks and breaches. In fact, data breaches involving cloud misconfigurations increased by 80% from 2018 to 2019. With the self-service nature of the cloud, users may not be adequately familiar with cloud security settings and best practices, resulting in dev ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments

In this article