DATA BREACH: London Fitness Gym Chain Exposed 500K Customer Receipts Online

DATA BREACH: London Fitness Gym Chain Exposed 500K Customer Receipts Online
By Jeremiah Fowler -  Cybersecurity Researcher Website Planet
Syndicated By: Iain Fraser - Cybersecurity Journalist Gibraltar

9th May 2023

Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password protected database that contained over 1.3 million records in total. Upon further investigation it became clear that these records were associated with a fitness and wellness organization.

The exposed records indicated that they belonged to a British company called Move Your Frame or sometimes referred to as Frame, which is a fitness and wellness organization that offers over 1,300 classes, including yoga, dance, pilates, and strength training, aimed at improving overall health and well-being. They also offer personal training sessions and online classes, and have 7 studios located in London, UK.

When I discovered the open server, I immediately sent a responsible disclosure notice to the alleged owners, that the database was publicly accessible. The database was secured within hours of the discovery and reporting of the exposure, but I did not receive any reply. The types of records inside the database appear to range from sales and marketing-related documents to content and customer management. 

This also included more than 500,000 payment receipts that revealed customer names, physical home addresses and email addresses inside the database.

According to their website, the Frame mobile app allows users to; “Book an in-studio class, create your own timetable on-demand or ‘show up’ to a livestream class from virtually anywhere. Users can manage their account directly from the app, check bookings, update billing details and check credit available to use”. 

The first Frame fitness studio opened in 2009 in Shoreditch, followed by the Queens Park location in 2012 and Kings Cross in 2015. In 2016 Frame opened in Victoria and their first stand alone Yoga studio in Kings Cross. In 2018 Frame opened two new sites in Hammersmith and Fitzrovia. Learn More /...

About Jeremiah Fowler

Jeremiah Fowler is a Security Researcher and co-founder of Security Discovery. Jeremiah began his career in security research in 2015 and has a mission of data protection. He has helped identify and secure the data of millions of people around the world. His discoveries have been covered in Forbes, BBC, Gizmodo, among others. Security and responsible disclosure are not only a passion, but a way of protecting our digital lives. Learn More /...

About Website Planet

Website Planet is THE place you come to when you want information about building and marketing a website – whether you want to find reliable services, use a good learning center or look for a fabulous new template.

We rather fancy ourselves as superheroes in fact. We cut through the confusion and give you the information you’re looking for in a simple, structured way so you can make decisions about what to use to guarantee your success. It also gives us an excuse to walk around with a cool cape.

We’re experts who insist on working only with other experts. We hate needless noise and make sure to boil everything down to what’s important. Learn More /...

Cybersecurity Journalist

About Cybersecurity Journalist - Iain Fraser

Daily Cyber Insights | Iain Fraser - Cybersecurity & Geopolitical Journalist, Authority Writer, Commentator, Consultant Editor - Cybersecurity & Geopolitics | Gibraltar & Málaga City - Cybersecurity & Geopolitical Awareness, Threat Management, Compliance and Best Practice Mitigation. Voted Top 30 Cybersecurity News Websites Globally in 2023 for Information Security by Feedspot #CyberJourno #Scambaiter - Available for Assignments - Articles, Web Content, Guest Blogger.


Post a Comment

Note: only a member of this blog may post a comment.