‘Mariana Tek’ Exposes 1.5 Million User Records via Unprotected AWS Bucket

  • Mariana Tek has exposed a large number of fitness, wellness, and spa customers via an unsecured bucket.
  • The company responded immediately to the reports of researchers finding the server, but hackers may have already accessed it.
  • The exposed data includes sensitive details like emails and names but no passwords, financial details, or ID documents.

"Mariana Tek," an American fitness studio management platform that helps millions of customers book their sessions at fitness clubs, had a security incident that exposed 1,522,740 user records. The platform left an Amazon Web Services bucket exposed online without password protection, so anyone with a web browser could have accessed it.

The 633 CSV files containing the records were discovered and scrutinized by the team of researchers at CyberNews, which immediately notified the owner. Mariana Tek eventually secured the bucket on February 12, 2021.

Of the 1.5 million records, 850,831 were unique, so this is the number of people (clients, business owners, trainers) who were exposed as a result of this incident. The data includes the following details:

  • Full name
  • Gender
  • Date of birth
  • Location
  • Street address
  • Phone number
  • Email address
  • Account balance
  • Other information
  • Profile pictures
Source: CyberNews

The implications of having the above details exposed range from spamming and scamming to phishing attacks. Since financial details and passwords aren’t there, the only thing that the exposed individuals need to be careful with is incoming communications, be it emails or SMS, or even phone calls.

While the data was secured almost immediately, the date of the first exposure is unknown, so the bucket may have been accessible for quite some time. Considering that hackers only need a few hours to discover and exfiltrate data on unprotected servers, you should consider the records exposed. CyberNews has added the dataset to its leak checker, so you can check there whether you have been compromised.

If you own a company that uses the Mariana Tek API, contact them and ask for details. Also, inform your customers that they have been potentially exposed, as this is very important in helping them stay safe. You may also want to reset all user passwords as a precaution. If you are a spa or fitness club customer, contact the place and ask if the app you’re using relies on the Mariana Tek platform.
