Town Sports, a New York-based gym chain has reportedly exposed its database online for a while. The company holds several fitness brands and owns gyms and spas in various states. While there’s no response from the Town Sports after being informed by researchers, it was secured the next day. Yet, researchers warn about potential phishing emails using the exposed PII.
Town Sports Exposed its Customers Database Online
Town Sports is a well-known brand that holds multiple fitness subsidiaries. Its retail chain includes gyms and spas like Boston Sports Clubs, Lucille Roberts, New York Sports Clubs, Total Woman Gym and Spa, Philadelphia Sports Clubs and Washington Sports Clubs. While Town Sports grossed well until the beginning of this year, it was forced to shut down last week due to closure of gyms amidst pandemic.
Now, a security researcher named Bob Diachenko from Comparitech has reported that a database containing around 600,000 records of personal data belonging to Town Sports customers and staff were exposed. The database was possibly leaked online since there’s no password set and can be spotted through an ElasticSearch.
The database contained details like their personal information like names, phone numbers, email addresses, residential addresses, credit card expiration dates and their last four digits and the members’ billing history. After spotting it, Bob along with Zack Whittaker, another security researcher has contacted Town Sports on September 21st to inform.
While they received no response after initial contact, the database was secured the next day. Yet, it’s recommended for the customers of Town Sports to remain vigilant of potential cyberattacks. Since it’s not known that anyone before the researchers have accessed that database, attackers may craft phishing emails to lure more details.
Other Trending News:- News
