‘Mariana Tek’ Exposes 1.5 Million User Records via Unprotected AWS Bucket

  • Mariana Tek has exposed a large number of fitness, wellness, and spa customers via an unsecured bucket.
  • The company responded immediately to the reports of researchers finding the server, but hackers may have already accessed it.
  • The exposed data includes sensitive details like emails and names but no passwords, financial details, or ID documents.

“Mariana Tek,” an American fitness studio management platform that helps millions of customers book their sessions at fitness clubs, suffered a security incident that exposed 1,522,740 user records. The platform left an Amazon Web Services bucket exposed online without setting a password, so anyone with a web browser could have accessed it.

The 633 CSV files containing the records were discovered and scrutinized by the team of researchers at CyberNews, which immediately notified the owner. Mariana Tek eventually secured the bucket on February 12, 2021.

Of the 1.5 million records, 850,831 were unique, so this is the number of people (clients, business owners, trainers) who were exposed as a result of this incident. The data includes the following details:

  • Full name
  • Gender
  • Date of birth
  • Location
  • Street address
  • Phone number
  • Email address
  • Account balance
  • Other information
  • Profile pictures
Source: CyberNews

The implications of having the above details exposed range from spamming and scamming to phishing attacks. Since financial details and passwords aren’t there, the only thing that the exposed individuals need to be careful with is incoming communications, be it emails or SMS, or even phone calls.

While the data was secured almost immediately, the date of the first exposure is unknown, so the bucket may have been accessible for quite some time. Considering that hackers only need a few hours to discover and exfiltrate data on unprotected servers, you should consider the records exposed. CyberNews has added the dataset to its leak checker, so you may check there to find out whether you have been compromised.

If you own a company that uses the Mariana Tek API, contact them and ask for details. Also, inform your customers that they have been potentially exposed, as this is very important in helping them stay safe. You may also want to reset all user passwords as a precaution. If you are a spa or fitness club customer, contact the place and ask if the app you’re using relies on the Mariana Tek platform.
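For teams that run their own S3 storage, the misconfiguration described above (a bucket readable without authentication) can be checked for from the bucket's own settings. The following is an added example, not code from CyberNews or Mariana Tek: the function name, the sample policy, and the bucket name are constructed, and the logic is a simplified review that ignores explicit Deny statements and object-level ACLs.

```python
from fnmatch import fnmatchcase

# Added example. Inputs have the shape boto3 returns from get_bucket_policy
# (after json.loads), get_bucket_acl()["Grants"] and
# get_public_access_block()["PublicAccessBlockConfiguration"].
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
READ_ACTIONS = ("s3:GetObject", "s3:ListBucket")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" or {"AWS": "*"} means any caller, including unauthenticated ones.
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def public_read_findings(policy, acl_grants, pab):
    """Return reasons the bucket is readable without credentials (simplified:
    explicit Deny statements and object-level ACLs are not evaluated)."""
    findings = []
    if not pab.get("IgnorePublicAcls"):
        for grant in acl_grants:
            if (grant["Grantee"].get("URI") == ALL_USERS
                    and grant["Permission"] in ("READ", "FULL_CONTROL")):
                findings.append(f"ACL grants {grant['Permission']} to AllUsers")
    if not pab.get("RestrictPublicBuckets"):
        for stmt in _as_list(policy.get("Statement", [])):
            if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
                continue
            patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
            hits = [a for a in READ_ACTIONS
                    if any(fnmatchcase(a.lower(), p) for p in patterns)]
            if hits:
                note = " (has Condition, review manually)" if "Condition" in stmt else ""
                findings.append(f"policy allows {', '.join(hits)} to anyone{note}")
    return findings

# Constructed sample configuration, not taken from the incident.
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:Get*",
    "Resource": "arn:aws:s3:::example-bucket/*"}]}
OPEN_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]
PAB_OFF = {"IgnorePublicAcls": False, "RestrictPublicBuckets": False}
PAB_ON = {"IgnorePublicAcls": True, "RestrictPublicBuckets": True}

if __name__ == "__main__":
    for finding in public_read_findings(OPEN_POLICY, OPEN_ACL, PAB_OFF):
        print("PUBLIC:", finding)
    print("with Public Access Block:", public_read_findings(OPEN_POLICY, OPEN_ACL, PAB_ON))
```

With the Public Access Block settings enabled, the same permissive policy and ACL produce no findings, which is why that setting is the usual backstop against this class of exposure.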
