sensitive information of an estimated 6,608 VivaGym job candidates and other business-related data was exposed, the database was freely accessible and indexed by public IoT search engines.
The information exposed were Email, Encrypted password, DNI, Last name / first name, Username, Login date, and time.
The database was secured within hours after VivaGym was notified via email and pubic access was restricted on the same day of discovery.
Viva Gym had informed the Data Protection Authorities and they also informed all users who were affected but the details of Viva Gym members were not included in this database.
Source: https://securitydiscovery.com/spanish-gym-franchise-database-exposed-by-partners-data-breach/
"id": "VIV73612323",
"linkid": "vivagym",
"type": "Data Leak",
"date": "03/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"