TotalGymDirect.com

Total Gym Direct experienced a significant data security incident involving an exposed database that contained sensitive customer information. The breach occurred due to a misconfiguration in an Elasticsearch server which was left accessible to the public without password protection. Security researchers identified that the exposed records included personal identification details and purchase history of thousands of customers who bought fitness equipment online. This exposure potentially allowed unauthorized parties to scrape user data over a period of time before the vulnerability was patched by the company technical team.