GetHealth, a health and wellness company in New York City, leaked data from a non-password protected database. It contained over 61 million records, exposing data from Apple HealthKit and Fitbit .
GetHealth Data Leak
- Total Size: 16.71 GB / Total Records: 61,053,956
- Internal records exposed the following: deviceapi_profile, type, id, score, source, source_id, weight, e_id, fetched_time, height, birthday, gethealthID, first_name, last_name, display_name, url, gender, org_id, time_zone.
Data sources include Fitbit, appearing 2,766 times and instances of what appears to be Apple’s Healthkit at 17,764 records. Other apps and devices may have also been include. GetHealth can sync data from the following: 23andMe, Daily Mile, FatSecret, Fitbit, GoogleFit, Jawbone UP, Life Fitness, MapMyFitness, MapMyWalk, Microsoft, Misfit, Moves App, PredictBGL, Runkeeper, Sony Lifelog, Strava, VitaDock, Withings, Apple HealthKit, Android Sensor, S Health.
GetHealth was notified of the findings from WebsitePlanet and security researcher Jeremiah Fowler, and the company has secured the data.
Andrew:
‘…from a non-password protected database’.
In the ninth month of 2021, we just need to let those words sink in.
That’s not a leak. That’s cybernetic malpractice.
Health database.
Let that sink in.