Data Breach Report: Kinomap, Exercise App, Exposes 42 Million User Records

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a data breach belonging to the exercise technology company Kinomap. As a paid subscription service, Kinomap collects enormous amounts of data about its users, all of which was stored on an unsecured database. In total, the database was leaking over 42 million records, affecting people all over the world.

The researchers reached out to the company and presented the results of their investigation. While awaiting reply from Kinomap, they also contacted the Commission nationale de l’informatique et des libertés, France’s independent data privacy regulator. While they never received a reply from Kinomap, the data breach was closed sometime around the 12th of April. They suspect this was due to an intervention by the CNIL.

The exposed database contained over 40GB of data, approximately 42,000,000 records. It also seemed to affect Kinomap’s entire user base, as the data originated from countries across the globe, say the researchers, including the following:

Belgium
Finland
Hungary
Portugal
France
Germany
USA
Canada
Australia
Japan
South Korea
UK

Among the millions of data files exposed were numerous forms of Kinomap user Personally Identifiable Information (PII) data:

Full names
Home country
Email addresses
Usernames for Kinomap accounts
Gender
Timestamps for exercises
The date they joined Kinomap

Many of the entries, notes the blog, contained links to Kinomap user profiles and records of their account activity, which can reveal personal details about a user.

If a malicious hacker had discovered this database, they could easily combine the information contained within in numerous ways, creating highly effective and damaging fraud schemes and other forms of online attack, warn the researchers. Or, add the researchers, they could also potentially take over certain user accounts on Kinomap, using information contained within the database.

For the full blog and more findings, visit the vpnMentor blog.

*All images courtesy of vpnMentor.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.