Sensitive Data of At least 99,000 Users Exposed!
V Shred claims to have a presence in over 119 countries, and 12 million unique visitors to its website every month. It’s focused on fast workouts, nutrition plans, and supplements regarding fitness, and has 40,000 subscribers to its University program! And now, as reported by ZDNet, V Shred’s database stored in AWS S3 bucket was open! This was first discovered by the VPNmentor research team, on May 14 this year. The open bucket consisted of about 1.3 million files (totaling 606GB) relating to at least 99,000 users. Within files, there were three CSV files as one lead generation list, a clients’ email list, and a trainer list. And the entire file contained personally identifiable information like users’ names, home addresses, email addresses, dates of birth, some Social Security numbers, social media accounts details, usernames and passwords, age ranges, genders, and citizenship status and other data points. Particularly in.CSV file, which weighted 180MB, has details of tens of thousands of users. Further, there are before-and-after photos of members too. After explaining that it’s accessible to anonymous people too, V Shred has removed the.CSV file containing PII of members, but still left the rest of the bucket open. It claims the database would be accessible only to its members who receive a link to their diet or training plan and need to login, thus safe. Via: ZDNet

