Fitify Leaks 138K User Progress Photos

July 16, 2025

Fitify, a widely used fitness application with over 25 million installs, exposed user data through a misconfigured Google Cloud Storage bucket. In early May, researchers from Cybernews found that this Fitify-owned bucket was publicly accessible, so anyone could view its contents without a password or security key. The exposed files included workout plans and instruction videos, but the most concerning discovery was highly sensitive user-uploaded content, specifically progress pictures and body scans.

The nature of these leaked images amplifies the severity of the breach. Users of Fitify, often aiming to track their body transformations, frequently upload “progress pictures” and utilize “body scans” that depict them in minimal clothing to clearly showcase changes in weight loss or muscle growth. This makes the exposed images exceptionally private, something users would typically prefer to keep confidential. Despite Fitify’s Google Play store description reassuring users that “data is encrypted in transit,” the discovery demonstrated that data was not sufficiently protected “at rest,” undermining user trust in the app’s stated security measures.

The extent of the Fitify data leak was substantial. The now-secured Google Cloud Storage bucket contained a total of 373,000 files. Of these, 206,000 were user profile photos and 138,000 were explicitly labeled as progress pictures. A further 13,000 files were attached to messages with the app’s “AI coach,” and another 6,000 files were “Body Scan” data, complete with images and associated AI metadata. The exposure covered deeply personal visual information, contrary to the privacy users expect from an app designed to help them with their intimate fitness journeys.

Beyond the misconfigured cloud storage bucket, the Cybernews investigation also uncovered further security vulnerabilities within the Fitify application itself. By analyzing a dataset of iOS apps, researchers found that Fitify’s application code contained hardcoded secrets, including Android and Google Client IDs, Google API Keys, Firebase URLs, and Project IDs. These hardcoded credentials, particularly those for the development environment, could potentially be exploited by attackers to gain access to even more customer data and the application’s backend infrastructure. This indicates that the misconfigured cloud storage was not an isolated incident but rather symptomatic of broader security oversight.

Upon being contacted by Cybernews researchers, Fitify Workouts, the company behind the app, acted swiftly to address the issue. The exposed Google cloud storage instance was promptly closed and removed from public accessibility. While this swift action mitigated further immediate risk, the incident underscores the critical importance of robust access controls, secure storage practices, and comprehensive security audits for applications handling sensitive user data, especially those within the health and fitness sector where personal information is often deeply intimate.
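A bucket owner can detect the kind of public exposure described above from the bucket's own settings. The following Python is an added example, not code from Fitify or Cybernews: it audits an exported bucket resource and IAM policy, assumed to be shaped like the Cloud Storage JSON API output, for grants to `allUsers` or `allAuthenticatedUsers`. The function names, bucket name, project and service account are constructed for illustration.

```python
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample input; bucket name, project and account are placeholders.
SAMPLE_BUCKET = {
    "name": "example-app-user-uploads",
    "iamConfiguration": {
        "uniformBucketLevelAccess": {"enabled": False},
        "publicAccessPrevention": "inherited",
    },
    "defaultObjectAcl": [
        {"entity": "allUsers", "role": "READER"},
        {"entity": "project-owners-123456", "role": "OWNER"},
    ],
}
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.objectAdmin",
         "members": ["serviceAccount:backend@example-project.iam.gserviceaccount.com"]},
    ]
}


def audit_bucket(bucket, policy):
    """Return (public_grants, warnings) for one bucket."""
    cfg = bucket.get("iamConfiguration", {})
    grants, warnings = [], []
    for b in policy.get("bindings", []):
        for member in sorted(PUBLIC & set(b.get("members", []))):
            grants.append(f"IAM {b['role']} -> {member}")
    # Legacy ACLs are only evaluated when uniform bucket-level access is off.
    if not cfg.get("uniformBucketLevelAccess", {}).get("enabled", False):
        warnings.append("uniform bucket-level access is disabled")
        for field in ("acl", "defaultObjectAcl"):
            for e in bucket.get(field, []):
                if e.get("entity") in PUBLIC:
                    grants.append(f"{field} {e['role']} -> {e['entity']}")
    # "inherited" defers to organization policy, which this check cannot see.
    if cfg.get("publicAccessPrevention") != "enforced":
        warnings.append("public access prevention is not enforced on the bucket")
    return grants, warnings


def is_exposed(bucket, policy):
    """True when a public grant exists and the bucket itself does not block it."""
    grants, _ = audit_bucket(bucket, policy)
    enforced = bucket.get("iamConfiguration", {}).get("publicAccessPrevention") == "enforced"
    return bool(grants) and not enforced
```

Run against every bucket that holds user uploads, this flags both the public grants and the missing guardrails (public access prevention, uniform bucket-level access) that would have blocked them.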

Reference:

  • Popular Fitness App Fitify Exposes 138,000 User Progress Photos