Fitify Leaks 138K User Progress Photos

July 16, 2025

Fitify, a widely used fitness application boasting over 25 million installs, recently faced a significant data exposure incident due to a misconfigured Google cloud storage bucket. In early May, researchers from Cybernews identified that this Fitify-owned bucket was publicly accessible, allowing anyone to view its contents without requiring any passwords or security keys. While the exposed files included a range of materials such as workout plans and instruction videos, the most concerning discovery was the presence of highly sensitive user-uploaded content, specifically progress pictures and body scans.

The nature of these leaked images amplifies the severity of the breach. Users of Fitify, often aiming to track their body transformations, frequently upload “progress pictures” and utilize “body scans” that depict them in minimal clothing to clearly showcase changes in weight loss or muscle growth. This makes the exposed images exceptionally private, something users would typically prefer to keep confidential. Despite Fitify’s Google Play store description reassuring users that “data is encrypted in transit,” the discovery demonstrated that data was not sufficiently protected “at rest,” undermining user trust in the app’s stated security measures.

The extent of the Fitify data leak was substantial. The now-secured Google cloud storage bucket contained a staggering total of 373,000 files. Among these, 206,000 were user profile photos, and a significant 138,000 were explicitly labeled as progress pictures. Furthermore, 13,000 files were attached to messages with the app’s “AI coach,” and another 6,000 files constituted “Body Scan” data, complete with images and associated AI metadata. This comprehensive exposure encompassed deeply personal visual information, directly contradicting the expected privacy for an app designed to help users with their intimate fitness journeys.
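The report does not say which setting made the bucket public. One common cause on Cloud Storage is an IAM binding that grants a role to `allUsers` or `allAuthenticatedUsers`. The following is an added example, not code from Fitify or Cybernews: an offline audit of a bucket IAM policy in the JSON shape that `gcloud storage buckets get-iam-policy gs://BUCKET --format=json` returns. The sample policy and all account names are constructed, and per-object ACLs on buckets without uniform bucket-level access are not covered.

```python
# Principals that make a Cloud Storage IAM binding public.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy; project, account and user names are placeholders.
SAMPLE_POLICY = {
    "etag": "CAE=",
    "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.objectAdmin",
         "members": ["serviceAccount:backend@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/storage.legacyBucketReader",
         "members": ["allAuthenticatedUsers", "user:dev@example.com"]},
    ],
}


def find_public_bindings(policy):
    """Return one finding per binding that grants a role to a public principal."""
    findings = []
    for binding in policy.get("bindings", []):
        exposed = sorted(PUBLIC_MEMBERS.intersection(binding.get("members", [])))
        if exposed:
            findings.append({
                "role": binding.get("role", "<missing role>"),
                "public_members": exposed,
            })
    return findings


def remove_public_members(policy):
    """Return a copy with public principals stripped and emptied bindings dropped."""
    cleaned = []
    for binding in policy.get("bindings", []):
        members = [m for m in binding.get("members", []) if m not in PUBLIC_MEMBERS]
        if members:
            cleaned.append({**binding, "members": members})
    return {**policy, "bindings": cleaned}


if __name__ == "__main__":
    for finding in find_public_bindings(SAMPLE_POLICY):
        print("PUBLIC:", finding["role"], finding["public_members"])
    remaining = find_public_bindings(remove_public_members(SAMPLE_POLICY))
    print("public bindings after cleanup:", len(remaining))
```
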

Beyond the misconfigured cloud storage bucket, the Cybernews investigation also uncovered further security vulnerabilities within the Fitify application itself.

By analyzing a dataset of iOS apps, researchers found that Fitify’s application code contained hardcoded secrets, including Android and Google Client IDs, Google API Keys, Firebase URLs, and Project IDs. These hardcoded credentials, particularly those for the development environment, could potentially be exploited by attackers to gain access to even more customer data and the application’s backend infrastructure. This indicates that the misconfigured cloud storage was not an isolated incident but rather symptomatic of broader security oversight.
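A pre-release check for the identifier types listed above, as an added example that is not from the Cybernews research or the app itself: it scans extracted build strings for the well-known formats of Google API keys, Google OAuth client IDs and Firebase database URLs, and reports redacted matches. The sample config and every value in it are constructed placeholders.

```python
import re

# Well-known formats for three of the identifier types the report lists.
PATTERNS = {
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_\-]{35}"),
    "google_oauth_client_id": re.compile(
        r"[0-9]+-[0-9a-z]{32}\.apps\.googleusercontent\.com"),
    "firebase_database_url": re.compile(r"https://[a-z0-9\-]+\.firebaseio\.com"),
}

# Constructed sample resembling strings pulled from an app bundle's config file.
SAMPLE_CONFIG = "\n".join([
    "<key>API_KEY</key><string>AIza" + "EXAMPLE" * 5 + "</string>",
    "<key>CLIENT_ID</key><string>123456789012-" + "abcd1234" * 4
    + ".apps.googleusercontent.com</string>",
    "<key>DATABASE_URL</key><string>https://example-dev.firebaseio.com</string>",
    "<key>BUNDLE_ID</key><string>com.example.app</string>",
])


def redact(value, keep=6):
    """Keep a short prefix so a finding can be triaged without copying the value."""
    return value[:keep] + "*" * (len(value) - keep)


def scan(text):
    """Return (line_number, kind, redacted_match) for every pattern hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((lineno, kind, redact(match.group(0))))
    return findings


if __name__ == "__main__":
    for lineno, kind, shown in scan(SAMPLE_CONFIG):
        print(f"line {lineno}: {kind}: {shown}")
```
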

Upon being contacted by Cybernews researchers, Fitify Workouts, the company behind the app, acted swiftly to address the issue. The exposed Google cloud storage instance was promptly closed and removed from public accessibility. While this swift action mitigated further immediate risk, the incident underscores the critical importance of robust access controls, secure storage practices, and comprehensive security audits for applications handling sensitive user data, especially those within the health and fitness sector where personal information is often deeply intimate.

Reference:

  • Popular Fitness App Fitify Exposes 138,000 User Progress Photos