While it's not at the catastrophic level of MyFitnessPal's 150 million-user data breach , the company behind the workout app PumpUp left information for 6 million of its members exposed. The Amazon cloud-hosted back-end server holding the data didn't have a password set up for an uncertain lenght of time, enabling anyone to observe sign-ins and exchanged messages.
According to ZDnet, the server is now secured -- but it's still exposing data when it acts as a broker exchanging user messages. It uses a communication protocol normally reserved for communicating with Internet of Things devices and apps, which is low-bandwidth but transitory, letting anyone peer in and observe data as it's being sent back and forth.
The link for this article located at Engadget is no longer available.
