A leading fitness software company may have exposed millions of customer records by failing to protect a cloud database.
Researcher Bob Diachenko said he found the exposed database hosted on AWS via a simple Shodan search for unsecured Elasticsearch instances which could be targeted by ransomware attackers.
He found the cloud store of 119GB of data belonging to Fitmetrix, with two identical sets of data and two IP addresses. Interestingly one was labelled as “compromised” as it contained a ransom note from an ultimately unsuccessful attempt to extort the company.
By Phil Muncaster
To read the full article click here.