Personal data of 600,000 customers of U.S. fitness chain exposed online

An unprotected database containing private data of Town Sports’ employees and members was leaked on the internet.

US-based fitness chain Town Sports International exposed personal records of over 600,000 employees and members on the internet due to a misconfigured database, Comparitech reported.

Town Sports is a chain of gyms, spas, and fitness clubs with branches across the northeast U.S. and has around 600,000 members. The company owns many brand names, including Around the Clock Fitness, My Sports Clubs, Total Woman, and Lucille Roberts.

According to Comparitech researchers, the database was not password-protected and required no other form of authentication for access.

As a result, private data, including full names, billing histories, contact information, street addresses, email addresses, and limited payment information such as credit card expiration dates and last four digits, was leaked online.

However, account passwords, full credit card numbers, and CVVs weren’t part of this database. The records were stored in an Amazon S3 bucket.

According to a blog post published by Comparitech, security researcher Bob Diachenko was tipped off by cybersecurity expert Sami Toivonen about the exposed database on 21 Sep 2020. However, the exposed database was first discovered on the web at least eleven months earlier, on 30 Nov 2019.

The s ..