Kinomap database hack exposed PII data for 42 million users

A database and records of 42 million users across the globe were found compromised and exposed on the internet from the fitness software company Kinomap. Kinomap provides a virtual training platform, in which users can exercise in front of large screens with interactive videos of popular running, cycling and rowing tracks/courses from around the world. According to vpnMonitor, it collects an ‘enormous amount of data' and now the question on our minds following our recent cybersecurity and data privacy webinar with Rize ETF is what will the GDPR and CCPA ramifications be?

The data breach was found on March 16 by the open-database hunting team of Noam Rotem and Ran Locar of vpnMentor’s. Kinomap creates immersive, interactive workout videos for use with various types of fitness machines, including the popular Peloton products, along with coaching and personal trainer videos.

The database contained 40GB of records covering 42 million people from 80 countries. The PII included full names, home country, email addresses, usernames for Kinomap accounts, gender, timestamps for exercises and the date they joined Kinomap.

“We use elastic to deliver public information on videos, members, activities quickly on our website and in the apps. However, we’ve taken the situation seriously as it should and have asked for a 3rd-party security auditor to make a deeper analysis and report,” Moity said.

“If a malicious hacker had discovered this database, they could easily combine the information contained within in numerous ways, creating highly effective and damaging fraud schemes and other forms of online attack,” Rotem and Locar said.

Source: Fitness software maker Kinomap leaves database open exposing 42 million users | SC Media