After the data leaks by the popular parenting app TeenSafe, vulnerabilities are now being reported for fitness apps too. This time, the limelight is on the popular fitness app PumpUp. It seems that the fitness app that is helping people in maintaining their healthy lifestyle itself became ‘unfit’. A recent report reveals how PumpUp leaked health data and private messages of its users.
PumpUp Leaked Health Data And Other Private Details Of Subscribers
The Ontario-based company PumpUp has been famous among fitness-freaks as it provides them convenient access to the fitness coaches. PumpUp app also helps its subscribers in discovering new workouts and connecting with other users.
However, the company allegedly did not succeed in maintaining effective ‘fitness’ of its security features. As reported by the security researcher Oliver Hough, the company had left its core backend server on Amazon unencrypted. Since this server has no password, anyone could easily monitor the user logins, their conversations, dates of birth, location, and other such sensitive information.
In fact, the users logging in through their Facebook accounts were also unknowingly putting their accounts at risk. In short, everything that a user would have entered to this app was exposed.
The Leaky Server Is Now Secured!
The company authorities, including the Chief Executive Garrett Gottlieb, and other staff members were duly informed about this error. However, they remained silent to comment about their plan of action to handle this matter.
However, the companies leaky server is now secured. It seems that authorities would have taken action sometime earlier this week.
This Isn’t The First-Time With Amazon Cloud Servers
Leaving official servers unencrypted is never safe. Notably, several reports of data leaks recently surfaced online where we can see one or the other Amazon Cloud server as the source. A few days ago, reports revealed how TeenSafe leaked its users’ data through its cloud servers. This time, we hear the same for PumpUp. Certainly, it is high time for all other organizations who are using Amazon Cloud servers to take appropriate security measures to ensure their customers’ privacy. In fact, anyone that has not encrypted its servers must put a password now to stay protected against potential data breaches.
Let us know your thoughts in the comments below.