Customer records have been compromised in a recent data breach at Mindbody. The popular gym and wellness scheduling service’s recently acquired fitness tracking company FitMetrix inadvertently exposed more than 113 million user records because its servers were not password-protected.
According to the New York Post, FitMetrix is adamant that no log-in credentials, passwords, credit card information or health data were compromised. However, personal information such as names, genders, weights, heights, shoe sizes, contact information and photographs were exposed.
“We recently became aware that certain data associated with FitMetrix technology stored online may have been publicly exposed,” said Mindbody CISO Jason Loomis. “We took immediate steps to close this vulnerability.”
Mindbody counts among its clientele popular boutique fitness classes such as CrossFit and SoulCycle, as well as big-name gyms like Life Time Fitness, Cyclebar and Gold’s Gym. So far, it is not clear how many individual users were affected by the breach.