Exclusive: Sensitive info from hundreds of thousands of gym customers and staff – including names, financial details, and potentially biometric data in the form of audio recordings – was left sitting in an unencrypted, non-password-protected database, according to a security researcher who shut it down.
Leaky database hunter Jeremiah Fowler claims he discovered the wide-open AWS repository managed by HelloGym in late July and shared his findings with The Register.
The database remained open for a week, and Fowler said it took a bit of digging to determine who was responsible for the repository of audio calls.
"It was only after calling, asking individual gyms that mentioned their locations in the recording," he told The Register. "I asked who they use to record their calls and one of t