Fitify shuts down cloud storage after 373,000 private files left unprotected, report says

CTV News, 22-07-2025
Sensitive user files from the popular fitness app Fitify have been secured after cybersecurity researchers discovered a publicly accessible Google Cloud storage bucket containing hundreds of thousands of images, including body scans and personal progress photos.
'A Google Cloud bucket is simply a filing cabinet in the virtual space,' said cybersecurity expert Ritesh Kotak in a video interview with CTVNews.ca. 'Your files, your digital data, all the searches … need to be housed somewhere, and it's usually housed in a cloud bucket and Google is one of the more popular (ones).'
The exposed storage, now closed, was discovered by researchers at Cybernews in early May.
Their report says more than 373,000 files were accessible without any password protection or security keys. It also says Fitify Workouts, the company behind the app, shut down the exposed cloud storage after being contacted by Cybernews.
According to the Cybernews report, while many of the files were workout plans and instructional videos, researchers also found 206,000 user profile photos, 138,000 progress photos, and roughly 6,000 images labelled 'Body Scan.' Some of the files, it says, had been shared through Fitify's AI coaching feature, which lets users track body changes over time.
According to its website, Cybernews is an 'independent media outlet, where journalists and security experts debunk cyber by research, testing and data.'
CTVNews.ca has reached out to Fitify Workouts for comment, but did not receive a response by the time this article was published.
According to Cybernews researchers, 'progress pictures' and 'body scans' are often captured with minimal clothing to better showcase the progress of weight loss and muscle growth, so most of the leaked images may be of a kind that users would normally want to keep private.
Kotak says the exposure likely happened when someone with access created a public link that wasn't secured or expired.
'If you're able to get that link, you're able to access it,' he said. 'There is a significant risk of harm to an individual given the sensitivity of the information.'
Fitify's Google Play description tells users their data is 'encrypted in transit.' But Cybernews researchers said the cloud storage was accessible to anyone with a link, and the files were not encrypted at rest, meaning anyone could view or download the content.
'This leak shows that the access controls implemented by the app were insufficient to secure user data,' Cybernews said in its report. 'The fact that this data could be accessed by anyone without any passwords or keys demonstrates that user data was not encrypted at rest.'
[Image: Sample of the leaked data. Image by Cybernews]
Kotak questioned why such data was stored in the cloud in the first place.
'Why was this data not encrypted? Why was it uploaded to the cloud at all, instead of stored on the user's device?' he asked. 'These are serious security oversights.'
Kotak says users should be cautious when sharing personal information with fitness and health apps, especially when biometric data or photos are involved.
'When you sign up for an app … you're entrusting an organization with some very sensitive and personal information,' he said. 'Think before you click and just be cognizant that once your information is put into the hands of one of these organizations, there is a possibility that a breach like this can occur.'