Priya Patel
TLDR:
- UK health club Total Fitness exposed over 474,000 images of members and staff through an unprotected database.
- The database also contained sensitive information such as identity documents, bank details, and phone numbers.
A security researcher discovered that Total Fitness had left a database containing personal images of members and staff unprotected and accessible without a password. The database, totaling 47.7GB, included images of men, women, and children, as well as sensitive information like identity documents and payment details. This raised concerns about privacy and data protection practices. Total Fitness stated that the images were collected for legitimate business purposes, but the researcher found that the majority of the database comprised images of members. The company claimed that there was no evidence of unauthorized access to the database other than the researcher. The UK’s Information Commissioner’s Office (ICO) was informed of the situation, and Total Fitness pledged to support any investigations. Potential risks include the misuse of images for identity theft or scams using deepfake technology.
