Recently, the U.S. fitness chain Town Sports International suffered a data breach in which more than 600,000 records of its members and employees were exposed and publicly available on the web without a password or any other authentication.
Town Sports International is the proprietor of well-known fitness centers and gyms in the United States, including New York Sports Clubs, Boston Sports Clubs, Philadelphia Sports Clubs, Washington Sports Clubs, Lucille Roberts, and Total Woman Gym and Spa.
Timeline of the exposure
The cybersecurity expert Toivonen alerted the security researcher Diachenko to the exposed database; Diachenko confirmed that the database had first been seen in the wild 11 months earlier, on November 30, 2019. Diachenko then sent a responsible disclosure notice to Town Sports on September 21, 2020.
The whole database was secured one day later, on September 22, 2020. They also stated that they do not know whether any unauthorized parties accessed the data while it was exposed, but affected customers and staff should be aware of the situation.
Moreover, Town Sports International asserted that its investigation shows that unsecured databases can be discovered, stolen, and attacked within just a few hours of exposure.
According to Comparitech's research, the customer and employee records were stored in an Amazon S3 bucket, and each record included the following information:
- Full name
- Street address
- Phone number
- Email address
- Last four digits of credit card
- Credit card expiration date
- Billing history
No account passwords, CVVs, or full credit card numbers were stored in the database. Diachenko analyzed a database that contained user records for almost 600,000 members and staff, together with their personal information.
Even so, it is safer to assume that someone other than the researchers may have obtained the data, and to be on the lookout for targeted phishing emails.
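The bucket in this story was readable without any authentication. As an added example (not code from the article, Comparitech, or Town Sports), the following offline check evaluates the two S3 settings that produce that condition, a bucket ACL granting READ to a public group and a bucket policy allowing principal "*" to read objects; the inputs mimic the shapes returned by boto3's get_bucket_acl() and get_bucket_policy(), and all sample values are constructed.

```python
import json

# Canned S3 group grantees that mean "anyone" / "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def acl_public_read(acl):
    """True if any ACL grant gives READ or FULL_CONTROL to a public group."""
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS
                and grant.get("Permission") in ("READ", "FULL_CONTROL")):
            return True
    return False

def policy_public_read(policy_json):
    """True if an Allow statement lets principal "*" read objects. Conditions are
    ignored on purpose: a conditioned anonymous grant is still flagged for review."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        aws = aws if isinstance(aws, list) else [aws]
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if (stmt.get("Effect") == "Allow" and "*" in aws
                and any(a in ("s3:*", "s3:Get*", "s3:GetObject") for a in actions)):
            return True
    return False

def bucket_exposed(acl, policy_json=None):
    """Exposure through either mechanism is enough to flag the bucket."""
    return acl_public_read(acl) or (policy_json is not None
                                    and policy_public_read(policy_json))

# Constructed samples (not real Town Sports data): one exposed, one private.
EXPOSED_ACL = {"Grants": [{"Grantee": {"Type": "Group",
    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
PRIVATE_ACL = {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"},
    "Permission": "FULL_CONTROL"}]}
EXPOSED_POLICY = json.dumps({"Statement": [{"Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
PRIVATE_POLICY = json.dumps({"Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
```

Running bucket_exposed over every bucket in an account, alongside S3 Block Public Access, is the routine audit that would have caught this exposure before an outside researcher did.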
According to the cybersecurity researchers, “Scammers can utilize the database’s data to make the message seem more acceptable and convincing. Phishing messages usually comprise links to phishing pages that seem authentic and often similar to the official website.”
Comparitech also asserted that “the threat actors design the website in such a manner that users get confused, and then the threat actor steals passwords or payment info.”
The experts are still investigating the matter and are now trying to track down the actual attacker. They also affirmed that they would report every detail regarding the incident so that the data can be secured as soon as possible.