If you’re someone who uses the popular fitness app Fitify on iOS, this is something you should not ignore. According to a report by Cybernews, the app has experienced a major data leak. It has exposed the private information and personal photos of its users.
What Happened?
Cybernews researchers discovered over 373,000 user files. These files were stored on a public Google Cloud storage bucket. There was no password or encryption.
What Data Was Leaked?
Here’s a quick breakdown of the leaked files:
- 206,000 user profile photos
- 138,000 progress pictures uploaded by users to track their fitness goals
- 13,000 AI coach message attachments, which may contain photos or text
- 6,000 body scan images with personal data like lean mass, posture, and body fat
Some of the progress and body scan images reportedly showed semi-nude photos. Users took these photos to track weight loss or muscle gain.
Why Is This a Big Problem?
Fitify says that user data is encrypted during transfer. Yet, this breach shows that there were no basic access protections like password control once stored. There was also no data encryption once stored. That puts the privacy of users at serious risk.
Even more worrying, Cybernews found hardcore secrets inside the app’s code, like:
- Google API and Client IDs
- Firebase database URLs
- Facebook access tokens
- Algolia API keys (not disclosed in their privacy policy)
These keys allow attackers to access the app’s backend. They can pretend to be users. Attackers even insert harmful content into it.
What Should Fitify Users Do Now?
If you are a Fitify user:
✅ Avoid uploading sensitive or private images until the app gives a clear statement about the fix.
✅ Check if any of your photos or information might have been exposed.
✅ Change any linked passwords or connected services (like Google or Facebook) just to be safe.
✅ Follow Cybernews or other security blogs for updates.
This incident is a serious reminder that even popular apps with millions of downloads can have huge privacy gaps. Apps like Fitify, which store sensitive health and body data, need to be even more cautious.
Until Fitify officially responds and fixes this issue, it’s best to be careful. Avoid sharing personal information through the app.
Stay alert and protect your digital privacy. Even your fitness progress deserves to stay private!
