Friday, January 22, 10:39
Home security V Shred: Customer and coach data leaks

V Shred: Customer and coach data leaks

V Shred

The Fitness brand V Shred exhibited personal information of 99.000 customers and coaches. Most worrying, however, is that it has not yet solved the problem with the database responsible for data leakage.

V Shred is a Las Vegas-based company that offers fitness programs for women and men, with an emphasis on fast workouts, The nutritional programs and food supplements. The company says it has customers in 119 countries, 12 million unique visitors to its site (per month) and more than 40.000 subscribers to its university program.

On Thursday, his research team vpnMentor revealed the leak of V Shred data. According to the data, a non protected AWS S3 bucket exposed the identities of at least 99.000 people.

The exposed bucket was discovered on May 14. Originally, it contained 1,3 million files (606 GB). The files contained names, home addresses, email addresses, dates of birth, social security numbers, social media account details, usernames, passwords, age, gender, nationality and more.

Among the files were three .CSV files. The most important of these was the 180MB one, which contained the identities of tens of thousands of people.

Some parts of the database, which included diet guides, training programs and user photos, remained accessible even after the leak was revealed.

Data leakage

CSV files that appear to contain coach and customer information remain exposed.

In addition, the database contains customer photos which show "before and after", ie the physical condition of the clients before starting the exercise and diet program and after starting it.

Based on the information in the database, it was not difficult to verify that V Shred was the owner. Both V Shred and AWS were notified of the problem on May 18 and 20, respectively.

V Shred responded to the research team by serving Amazon customers on June 1st. In communication with researchers, A member of the V Shred team denied that there was a problem with data leakage.

Initially, he said the database was only used to store web assets, CSS and media files, adding that if the data were not public, members would not be able to download their diet and exercise program.

In addition, V Shred said that in order to access such content, a link must have been shared or a user connection to credentials must have been made.

However, The researchers explained that the database is also open to anonymous users.

June 18, the main .CSV file, which contained identity information, was removed but the rest is still accessible.

"V Shred is a new company and seems to be run by a small team," said VPNmentor. "However, it is still responsible for protecting the people who use its products and for subscribing to its services. "Without this, V Shred endangers the privacy and security of individuals and the future of the company itself."


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


QNAP: New Dovecat crypto-miner infects NAS devices

QNAP has warned its customers about a new malware (crypto-miner) called Dovecat, which targets NAS (network-attached storage) devices ...

MyFreeCams: Two million files were stolen from the adult site

A database of the popular adult site MyFreeCams, has been leaked to a hacking forum, resulting in the data of its users to ...

FBI: Parler is called in to investigate the Capitol attack

Participants in the January 6 attack on the US Capitol are accused of their actions, as they seem to have published in Parler and ...

Mac: How to see which model you have and when it was released

When you need support for your Mac - or want to install some kind of upgrade - you usually need to know the exact ...

Bill Gates: Will he work with Biden on COVID-19 / climate change?

Microsoft co-founder Bill Gates said on Twitter that he is looking forward to working with the new US President, Joe Biden, and ...

What are the rumors circulating about the iPhone 13?

Apple iPhone 13 will have a redesigned Face ID system that will have a smaller notch at the top of the screen, ...

Biden: How was the political transition in the US captured on social media?

As Joe Biden was sworn in as President of the United States, this important political transition was captured on popular social media. On January 20, ...

CentOS ceases to be supported but RHEL is offered for free

Last month, Red Hat caused a great deal of concern in the Linux world when it announced the discontinuation of CentOS Linux.

Microsoft Office 365 employee passwords leaked online!

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and ...

COSMOTE and Microsoft provide new cloud solutions for businesses

COSMOTE and Microsoft expand their cooperation, offering even more advanced and high quality cloud solutions, in large and small ...