More than 60 million files related to wearables and fitness trackers have been exposed to the internet by an unsecured database.
On Monday, WebsitePlanet, together with cybersecurity researcher Jeremiah Fowler, said that the database belonged to GetHealth.
GetHealth is characterized as an "integrated solution for accessing health and wellness data from hundreds of wearable medical devices and applications". The company's platform is able to extract health-related data from sources such as Fitbit, Misfit Wearables, Microsoft Band, Strava and Google Fit.
On June 30, 2021, the team discovered a database exposed to the internet that was not password-protected.
The researchers said more than 60 million files were exposed in the repository, including vast amounts of user information, some of which could be considered personal, such as names, dates of birth, weight, height, gender and GPS logs, among other data sets.
In sampling a total of approximately 20,000 files for data verification, the team found that the majority of data sources came from Fitbit and Apple's HealthKit.
References to GetHealth in the database indicated that the company was the potential owner. As soon as the data was validated on the day of the discovery, Fowler privately notified the company of his findings. GetHealth responded quickly and the system was secured within hours. The same day, the company's CTO contacted him, informed him that the security issue had now been resolved and thanked the researcher.
"It is not clear how long these files have been exposed or who else may have accessed the data set," said WebsitePlanet. "[…] We do not imply any breach by GetHealth, its customers or affiliates. Nor do we imply that any customer or user information was compromised. We could not determine the exact number of people affected before public access to the database was restricted."