Alleged security breach at Ontario-based fitness app PumpUp
Fitness app PumpUp allegedly left a server that contained personal information like credit card numbers, private messages and health data unsecured.
The app lets you send photos to the PumpUp social network, to allow other users to cheer you on or suggest workout tips. It also tracks your fitness progress.
The app, which is based out of Toronto, used a back-end server on Amazon’s cloud as a messaging server using a messaging protocol called MQTT. The information on the server — credit card data, personal messages, Facebook accounts — wasn’t password protected, as technology news website ZDNet first reported.