
Fitness firm V Shred exposes 606 GB worth of sensitive customer data

V Shred was launched in 2016 in the United States.

Another day, another data breach. This time, V Shred, a fitness, nutrition, and supplement brand, has exposed the personal and sensitive data of almost 100,000 customers and trainers.

The breach took place because of a misconfigured Amazon Web Services (AWS) S3 bucket that left 606 GB worth of data open to public access without any password or security authentication. The trove of exposed data included:

Age
Gender
Full names
Date of birth
Spouse names
Email address
Phone numbers
Home addresses
Health conditions
Citizenship status
Social security number
Social media accounts
Username and password




It doesn’t end here. According to vpnMentor, the company that identified the database and shared its report with Hackread.com, users’ personally identifiable information (PII) and profile photos, including “very revealing ‘before and after’ body photos” of customers in the United States, were also exposed to public access.

Screenshot via vpnMentor

Although it is unclear whether the data was accessed by a third party with malicious intent, if it was, the damage has already been done. For instance, V Shred users are now exposed to online as well as physical scams, including phishing, identity theft, and blackmail.

V Shred could potentially lose a lot of customers and followers due to this data breach. People may be reluctant to trust a company that doesn’t sufficiently protect their most private and sensitive data, said vpnMentor’s researchers in a blog post.

The researchers warned that the exposed data can also be used by V Shred’s competitors for negative marketing. Therefore, if you are a V Shred customer, it is time to get in touch with the company and inquire about the data breach.

Furthermore, change the password of your email account along with those of your social media accounts. Keep an eye out for suspicious emails, as cybercriminals can now target you with phishing or malware attacks.


Database administrators are advised to scan for misconfigurations regularly and to implement proper security authentication on their databases. Small businesses usually assume that no attacker would come after them, given the low theft potential they present, and that being hacked would be akin to finding a needle in a haystack.
