Kinomap data breach exposes 42 million records

40GB of exposed data includes users' names and personal details

Millions of records belonging to users of a fitness technology app were exposed online for almost a month due to a misconfigured database, including a swathe of personal details.

Approximately 40GB worth of information belonging to users of Kinomap, a service that creates immersive workout videos for people on rowing and cycling machines as well as treadmills, was discovered by security researchers in March.

Advertisement - Article continues below

This enormous amount of data amounted to 42 million records and affected the platform’s entire user base, including people from a number of countries across the UK, Europe and the US. The data was discovered by researchers at vpnMentor as part of a web-mapping project on 16 March, with the public access to the database closed on 12 April. 

The data exposed included full names, email addresses, gender, timestamps for exercises, the date users joined Kinomap, as well as a great deal of personal data revealed indirectly. 

Many of the entries linked to user profiles and records of account activity which, in a similar way to social media profiles, could reveal a lot about individuals.

Should hackers have discovered the database, they could have combined the information in numerous ways, by devising fraud schemes and other forms of online attack against victims. They could also have taken over user accounts on Kinomap. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Many of the exposed entries, for instance, included access keys for Kinomap’s API, which cyber criminals could have used to gain full access to a user account, and lock users out.

“By not having more robust data security in place, Kinomap made its users vulnerable to a wide range of frauds,” said vpnMentor’s team, which was led by security experts Noam Rotem and Ran Locar.

Related Resource

Remote office networks pose a business and reliability risk

A survey of IT professionals shows that nearly every company suffers direct business impact from network service interruptions

Download now

“With millions of people across the globe now under quarantine at home due the Coronavirus pandemic, the impact of a leak like this grows exponentially. Unable to access their usual forms of exercise, many people will be turning to apps like Kinomap to stay fit and upbeat during the crisis.

“Hackers will be aware of this and looking for opportunities to exploit the increased user numbers on apps without adequate data security in place. However, Kinomap itself was also vulnerable. A data leak of this nature could seriously endanger the health and finances of the company.”

Advertisement - Article continues below

The researchers have suggested that Kinomap may face several repercussions as a result of the breach, including an investigation conducted by data protection authorities over potential GDPR violations

Kinomap could have easily avoided this leak if it had taken basic security measures to protect the database, including securing its servers, implementing proper access rules and not leaving a system that didn’t require authentication open.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Most Popular

Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

5 May 2020
Visit/mobile/5g/355712/nokia-5g-speed-record
5G

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Visit/cloud/cloud-computing/355742/microsoft-launches-public-cloud-service-for-health-care
cloud computing

Microsoft launches public cloud service for health care

21 May 2020