Irish gym management software company Glofox is investigating reports of a recent data breach in which users’ personal details may have been compromised.
The start-up is one of a number of companies whose databases were reportedly hacked by a well-known group, ShinyHunters. Others believed to have been impacted include popular children’s online playground Animal Jam, which this week reported it had suffered a breach affecting 46 million accounts.
Glofox has not responded to media requests for comment on a possible security breach but it has, in recent days, responded to individuals on Twitter who posed questions to the company after being informed its website had been compromised.
“Hi all, we are currently investigating external reports of a data breach and we will communicate to any customers impacted as soon as we have completed our investigation,” the company said in response to tweets from several users.
Some Irish gyms that use the Glofox platform have also warned members of a security incident.
“Glofox informed us that this is an isolated incident and they have identified and closed the path that led to the breach,” one gym said in an email sent to users this week.
No financial information or credit card details are believed to have been exposed but personal info such as names, addresses, phone numbers, passwords and dates of birth may have been compromised.
“While no plain text passwords have been exposed, as an abundance of caution we recommend that you reset your password for Glofox and, if you have been using your old password across multiple websites, we recommend to change those passwords also,” the same gym wrote.
Glofox provides business management software to fitness studios and gyms. In response to the coronavirus pandemic, it has also developed the new platform to help gyms live stream classes and offer premium on-demand content to customers.
Earlier this year it raised $10 million in funding and announced a new live streaming platform for gyms as it focused on helping the fitness industry navigate the coronavirus pandemic.
Wired magazine earlier this year reported ShinyHunters had been trying to sell close to 200 million stolen records taken from more than 10 companies on the dark web. More recently, Forbes reported the group had decided to give away for free more than 386 million records that encompass a claimed 18 data breaches on the forum.