Security News > 2020 > April > Password-free database of exercise app Kinomap leaks 42m user records
Security researchers at vpnMentor found Kinomap's dribbly database during the firm's ongoing web-mapping project.
You might have to pay for the subscription service to immerse you in forest greenery, but if you knew where to look, you wouldn't need to pay anything at all to get at the 42 million Kinomap users' records that the researchers found.
The records seem to pertain to all Kinomap users, given that the data originated in countries across the world.
Many of the entries contained links to Kinomap user profiles and records of their account activity.
So does potential account hijacking, given that many of the exposed records included access keys for Kinomap's API. That access could have enabled attackers to take over Kinomap accounts and lock out the rightful owners.