Move With Us – a fitness platform that offers women’s health and fitness programs – suffered a data breach, possibly exposing sensitive information and revealing progress photos of users.
An error occurring on the customer profile page allowed users to log in to other peoples’ profiles, giving them access to emails, addresses, phone numbers, names, and revealing user photos in underwear and without any. Upon logging in and back out, users found themselves within new profiles.
Move With Us said in a statement that the error affected only “a very small portion of users,” although it is unclear how many people they’re referring to exactly.
Despite the breach, no financial information was revealed according to the platform since it doesn’t store payment details. The statement also said that no progress photos were accessed, although a variety of reports suggest that pictures were indeed visible.
“We can also confirm that this was not a malicious intent by a third party to access our users’ information,” Move With Us confirmed.
It was revealed that some users managed to bounce between as many as 10 different profiles. Concerned users took it to social media to demand more information, with Move With Us promising to notify all those affected shortly.
The platform was founded by Instagram influencer Rachel Dillon, who has over 1.4 million followers.