IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Kinomap data breach exposes 42 million records

40GB of exposed data includes users' names and personal details

Millions of records belonging to users of a fitness technology app were exposed online for almost a month due to a misconfigured database, including a swathe of personal details.

Approximately 40GB worth of information belonging to users of Kinomap, a service that creates immersive workout videos for people on rowing and cycling machines as well as treadmills, was discovered by security researchers in March.

This enormous amount of data amounted to 42 million records and affected the platform’s entire user base, including people from a number of countries across the UK, Europe and the US. The data was discovered by researchers at vpnMentor as part of a web-mapping project on 16 March, with the public access to the database closed on 12 April. 

The data exposed included full names, email addresses, gender, timestamps for exercises, the date users joined Kinomap, as well as a great deal of personal data revealed indirectly. 

Many of the entries linked to user profiles and records of account activity which, in a similar way to social media profiles, could reveal a lot about individuals.

Should hackers have discovered the database, they could have combined the information in numerous ways, by devising fraud schemes and other forms of online attack against victims. They could also have taken over user accounts on Kinomap. 

Many of the exposed entries, for instance, included access keys for Kinomap’s API, which cyber criminals could have used to gain full access to a user account, and lock users out.

“By not having more robust data security in place, Kinomap made its users vulnerable to a wide range of frauds,” said vpnMentor’s team, which was led by security experts Noam Rotem and Ran Locar.

Related Resource

Remote office networks pose a business and reliability risk

A survey of IT professionals shows that nearly every company suffers direct business impact from network service interruptions

Download now

“With millions of people across the globe now under quarantine at home due the Coronavirus pandemic, the impact of a leak like this grows exponentially. Unable to access their usual forms of exercise, many people will be turning to apps like Kinomap to stay fit and upbeat during the crisis.

“Hackers will be aware of this and looking for opportunities to exploit the increased user numbers on apps without adequate data security in place. However, Kinomap itself was also vulnerable. A data leak of this nature could seriously endanger the health and finances of the company.”

The researchers have suggested that Kinomap may face several repercussions as a result of the breach, including an investigation conducted by data protection authorities over potential GDPR violations

Kinomap could have easily avoided this leak if it had taken basic security measures to protect the database, including securing its servers, implementing proper access rules and not leaving a system that didn’t require authentication open.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022