Researchers discovered an unsecured database containing over 61 million records belonging to GetHealth. GetHealth describes itself as a unified solution to access health data from wearable fitness and health devices; and is compatible with Fitbit, Misfit Wearables, Microsoft Band, Strava, and Google Fit. Researchers say the database included sensitive information such as names, date of birth, weight, height, gender, and GPS logs. Although it is unknown how long the data was exposed, GetHealth has secured the exposed data and stated the issue was resolved. Researchers believe the majority of the exposed data was from Fitbit and Apple’s HealthKit.
Threat actors often sell or trade stolen data on the dark web which then is used for further cybercrimes. If you have been a victim of a data breach immediately change all passwords to any accounts that may have been compromised. Enable Multi-Factor Authentication (MFA) on all accounts. Notify your financial institutions and monitor your accounts to identify any unusual activity.