"It was only after calling, asking individual gyms that mentioned their locations in the recording,"
"I asked who they use to record their calls and one of the managers finally told me."
"A very large number of the recordings referenced payment and billing issues,"
"Although I didn't hear any credit card numbers in the audio, it shows that members were comfortable discussing payment information over the phone."
An unencrypted, non-password protected AWS database exposed sensitive information from hundreds of thousands of gym customers and staff. The repository contained 1.6 million MP3 audio recordings collected between 2020 and 2025 from franchise locations of major fitness brands, including Anytime Fitness, Snap Fitness, and UFC Gym. Recordings included names, phone numbers, and call reasons such as renewing or cancelling memberships, with many referencing payment and billing issues. The exposed files could facilitate fraud or socially engineered attacks and may include biometric audio data. The database remained publicly accessible for about a week before being taken offline.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]