Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Fitness Bands. Show all posts
User Privacy
Data Breach Fitness Bands Strava UK Military User Privacy

Fitness Tracking Under Fire: Strava Leak Exposes Military Personnel

 

Fitness tracking apps have become a daily habit for millions of people, but a new Strava military data leak is raising old privacy fears again. According to recent reporting, activity logs linked to more than 500 UK military personnel were exposed through exercise data that could be connected to sensitive locations. What looks like an innocent run or bike ride can, when combined with account details and route history, reveal where people live, work, and train. The case is a reminder that fitness data is not just about calories and distance; it can also map routines, movement patterns, and security-sensitive sites. 

The problem is not limited to one incident. Strava has faced privacy concerns before, including warnings that its heatmap and route-sharing features could be used to identify military bases, homes, and individual users. Researchers have shown that even anonymized or aggregated location data can be re-identified when enough patterns are available. In earlier cases, public activity data exposed military facilities and personnel movements, prompting defense agencies to tighten guidance on how service members use connected devices. That history makes the latest leak more troubling because it shows the same basic risk still exists. 

At the heart of the issue is location data. Fitness apps collect GPS routes, timestamps, workout frequency, and sometimes health-related information such as heart rate or sleep trends. When that information is shared publicly, or even stored in ways that can be aggregated, it becomes easier to infer personal routines and secure locations. Privacy settings help, but they are not always enough if users do not understand how default sharing, heatmaps, and visible activity histories work. That gap between user expectations and data reality is what makes these apps risky. 

For military organizations, the lesson is clear: location discipline matters. Personnel need stronger rules on wearable devices, stricter defaults for app privacy, and regular training on how seemingly harmless data can be weaponized. For consumers, the safer approach is to review visibility settings, disable public sharing, and avoid recording workouts near home, workplace, or sensitive sites. Even if an account is private, route patterns and aggregated data can still create exposure in unexpected ways. 

The broader debate goes beyond one app. Fitness platforms profit from collecting valuable data, while users often assume their information stays personal. As regulators and security experts push for stronger protections, the Strava case shows that privacy in the connected fitness world depends on more than trust alone. It depends on design, defaults, and disciplined use.
Read more »
Healthcare
Apple HealthKit Cyber Attacks Data Leaked FitBit Fitness Bands Healthcare

16.17 GB of User Data Stored in Fitness Bands, Exposed

 

The development and sudden boom in IoT equipment in the healthcare sector have resulted in the surge of cyber attacks. The use of wearable equipment such as health trackers and fitness bands has recently grown common. The safety and security features of these fitness trackers are an ongoing worry since they have a lot of important information about the user. 

Recently, 16.18 GB of unencrypted database disclosing over 61 million records of users stored in their fitness wearables was identified in the latest security analysis at WebsitePlanet. A substantial percentage of disclosed records were all related to IoT fitness and health monitoring devices. 

Following additional research, several references were made to "GetHealth," a New York City-based firm that claims a unified solution for hundreds of wearables, healthcare devices, and apps to access health and wellness data. The GetHealth database was not encrypted by default and allows easy accessibility for everyone. After researchers have notified GetHealth, the database is now encrypted. 

GetHealth platform can synchronize health-related information from a multitude of sources, such as Fitbit, Misfit Wearables, Microsoft Band, Strava, Google Fit, 23andMe, Daily Mile, FatSecret, Jawbone UP, Life Fitness, MapMyFitness, MapMyWalk, Moves App, PredictBGL, Runkeeper, Sony Lifelog, Strava, VitaDock, Withings, Apple HealthKit, Android Sensor, and S Health.

Plenty of the information leaked comprised the first and last names of users, date of birth, body weight, height, sex, geolocation, etc. “This information was in plain text while there was an ID that appeared to be encrypted. The geolocation was structured as in America/New_York, Europe/Dublin and revealed that users were located all over the world,” WebsitePlanet said. 

Whereas the researchers analyzed a sample of 20,000 records, the majority of leaked data were from Fitbit (2.766 times) as well as from Apple HealthKit (17,764). This security flaw affects a majority of the customers of Apple Healthkit because Healthkit gathers deeper health information than any other instruments or applications, like blood pressure, body weight, sleep levels, and blood glucose. 

Fitness trackers are equipped with vital information to monitor the user's health. This might also lead to several privacy problems, regrettably. The confidential material of users is a financial enterprise for individuals in charge of threats. In tailored phishing attacks, identity thefts, or social engineering attacks, the data may be abused by cybercriminals. 

“This case sets an example of how lack of care with sensitive data can make risks escalate indefinitely, as millions of people were exposed simply by wearing tracking devices during their workout sessions,” WebsitePlanet added.
Read more »
Subscribe to: Posts (Atom)