CybersecuritySecurity NewswireCybersecurity News

Data Breach Report: Kinomap, Exercise App, Exposes 42 Million User Records

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news
April 23, 2020

Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a data breach belonging to the exercise technology company Kinomap. As a paid subscription service, Kinomap collects enormous amounts of data about its users, all of which was stored on an unsecured database. In total, the database was leaking over 42 million records, affecting people all over the world.

The researchers reached out to the company and presented the results of their investigation. While awaiting reply from Kinomap, they also contacted the Commission nationale de l’informatique et des libertés, France’s independent data privacy regulator. While they never received a reply from Kinomap, the data breach was closed sometime around the 12th of April. They suspect this was due to an intervention by the CNIL.

The exposed database contained over 40GB of data, approximately 42,000,000 records. It also seemed to affect Kinomap’s entire user base, as the data originated from countries across the globe, say the researchers, including the following:

  • Belgium
  • Finland
  • Hungary
  • Portugal
  • France
  • Germany
  • USA
  • Canada
  • Australia
  • Japan
  • South Korea
  • UK

Among the millions of data files exposed were numerous forms of Kinomap user Personally Identifiable Information (PII) data:

  • Full names
  • Home country
  • Email addresses
  • Usernames for Kinomap accounts
  • Gender
  • Timestamps for exercises
  • The date they joined Kinomap

Many of the entries, notes the blog, contained links to Kinomap user profiles and records of their account activity, which can reveal personal details about a user.

If a malicious hacker had discovered this database, they could easily combine the information contained within in numerous ways, creating highly effective and damaging fraud schemes and other forms of online attack, warn the researchers.  Or, add the researchers, they could also potentially take over certain user accounts on Kinomap, using information contained within the database.

For the full blog and more findings, visit the vpnMentor blog. 

*All images courtesy of vpnMentor. 

KEYWORDS: cyber security data breach personally identifiable information (PII) privacy concerns

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Related Articles

Related Products

See More ProductsSee More Products

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!