GetHealth, a health and wellness company in New York City, leaked data from a non-password protected database. It contained over 61 million records, exposing data from Apple HealthKit and Fitbit .

GetHealth Data Leak

  • Total Size: 16.71 GB / Total Records: 61,053,956
  • Internal records exposed the following: deviceapi_profile, type, id, score, source, source_id, weight, e_id, fetched_time, height, birthday, gethealthID, first_name, last_name, display_name, url, gender, org_id, time_zone.

Data sources include Fitbit, appearing 2,766 times and instances of what appears to be Apple’s Healthkit at 17,764 records. Other apps and devices may have also been include. GetHealth can sync data from the following: 23andMe, Daily Mile, FatSecret, Fitbit, GoogleFit, Jawbone UP, Life Fitness, MapMyFitness, MapMyWalk, Microsoft, Misfit, Moves App, PredictBGL, Runkeeper, Sony Lifelog, Strava, VitaDock, Withings, Apple HealthKit, Android Sensor, S Health.

GetHealth was notified of the findings from WebsitePlanet and security researcher Jeremiah Fowler, and the company has secured the data.

Subscribe
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

2 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
W. Abdullah Brooks, MD

Andrew:

‘…from a non-password protected database’.

In the ninth month of 2021, we just need to let those words sink in. 

That’s not a leak. That’s cybernetic malpractice. 

gGrant

Health database.
Let that sink in.