Company Profile
Kinomap creates immersive workout videos for people exercising on rowing and cycling machines, and treadmills.
Kinomap also offers coaching videos similar to a workout you would do with a personal trainer.
Kinomap was founded in France in 2002 and now has an international user base spread throughout 80+ countries.
But rare are these times.
Most often, we need days of investigation before we understand what's at stake or who's leaking the data.
Some affected parties deny the facts, disregarding our research, or playing down its impact.
So, we need to be thorough and make sure everything we find is correct and accurate.
In this case, Kinomap's name was found throughout the database.
There were also many links directed to the site.
Further investigation quickly confirmed the company as the owner of the database.
With that, we reached out to the company and presented the results of our investigation.
We suspect this was due to an intervention by the CNIL.
Example of Entries in the Database
The exposed database contained over 40GB of data, approximately 42,000,000 records.
This is an enormous amount of data.
It also seemed to affect Kinomap's entire user base, as the data originated from countries across the globe.
Many of the entries contained links to Kinomap user profiles and records of their account activity.
Similar to social media accounts, Kinomap profiles can reveal considerable personal details about a user.
They could also potentially take over certain user accounts on Kinomap, using information contained within the database.
Many of the exposed data entries included the access keys for Kinomap's API.
Most immediately, it may lose customers if they feel the company is not protecting their data sufficiently.
Related to this, as Kinomap is based in France and under GDPR jurisdiction, it should report this leak.
Whether Kinomap reports the leak or not, it could face investigation and potential fines by EU regulators.
This would be a time-consuming and expensive process, regardless of the legal outcome.
All these outcomes would have severe consequences for the health of Kinomap's business in the foreseeable future.
To learn about data vulnerabilities in general, read our complete guide to online privacy.
Our researchers use port scanning to examine particular IP blocks and test different systems for weaknesses or vulnerabilities.
They examine each weakness for any data being leaked.
Our team was able to access this database because it was completely unsecured and unencrypted.
The purpose of this web mapping project is to help make the internet safer for all users.
We never sell, store, or expose any information we encounter during our security research.
Our ethical security research team has discovered and disclosed some of the most impactful data leaks in recent years.
[Publication date: 21.04.2020]