Fitify Fitness App Leak: Your Private Progress Pics & Body Scans Were Exposed – Here’s What You Need to Do

Fitify Fitness App Data Breach: Massive Privacy Leak Exposes Hundreds of Thousands of User Files


Fitify, a fitness app with over 20 million users worldwide and an impressive 4.8-star rating, offers AI-powered workout plans, personalized fitness tracking, and advanced body scanning features to help users achieve their health goals.

With millions of downloads across various platforms, it has become a go-to app for home workouts and fitness enthusiasts globally. However, recent security concerns have raised serious questions about the app's ability to protect user data.

If you're like me, you've probably used it (or still do!) to track workouts, maybe even upload those vulnerable "progress pics" or try out the body scanning features. Well, a massive data leak has just been confirmed, and it’s a privacy nightmare.

Cybersecurity researchers at Cybernews recently uncovered that Fitify, an app with over 25 million installs, was leaving a massive digital filing cabinet wide open on Google Cloud. This wasn't just a few files; we're talking about over 373,000 user files completely exposed and accessible to anyone on the internet, no password, no special tricks needed.

Yeah, you read that right.

What Exactly Got Leaked?

The kind of data exposed is the stuff you definitely don't want floating around:

  • 138,000+ Progress Photos: These are the personal before-and-after shots many of us take to track our fitness journeys. The report notes that many of these photos show users in minimal clothing, taken specifically to highlight physical changes. This is incredibly sensitive stuff.
  • 206,000+ Profile Pictures: Your standard user avatars.
  • Thousands of Body Scan Images: Detailed 3D scans of users' bodies, data that is about as personal as it gets.
  • AI Training Data: Around 13,000 files related to the app's AI coaching features.
  • Private user data was accessible without passwords or security keys.

Experts are calling this a "significant risk of harm" due to the highly sensitive nature of the information. One cybersecurity expert, Ritesh Kotak, highlighted just how bad this is, likening the unsecured Google Cloud bucket to a publicly accessible filing cabinet.

How Did This Happen?

The core issue? Fitify failed to properly secure its cloud storage. The files weren't encrypted at rest, and the storage bucket was left publicly accessible.

Furthermore, researchers reportedly found sensitive credentials like API keys hardcoded directly into the app's source code, a major security no-no that could potentially allow deeper system access.

While Fitify Workouts (the company behind the app) shut down the public access after being contacted by Cybernews, the damage was already done: that data was out there, free for anyone who stumbled upon it to view or download.
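If you run your own Google Cloud buckets, the "open filing cabinet" problem described above shows up in the bucket's IAM policy as a grant to `allUsers` or `allAuthenticatedUsers`. The Python check below is an added example, not code from Fitify or Cybernews; it assumes policy JSON in the shape returned by `gcloud storage buckets get-iam-policy BUCKET --format=json` and bucket metadata carrying `iamConfiguration.publicAccessPrevention`, and the sample policy and names in it are constructed.

```python
import json

# Special principals that open a Cloud Storage binding to the internet.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Predefined roles that let the holder list or read objects in the bucket.
# Custom roles (projects/.../roles/...) are not covered and need manual review.
OBJECT_EXPOSING_ROLES = {
    "roles/storage.objectViewer", "roles/storage.objectUser",
    "roles/storage.objectAdmin", "roles/storage.admin",
    "roles/storage.legacyObjectReader", "roles/storage.legacyBucketReader",
}

def audit_bucket(policy, bucket_meta=None):
    """Return one finding per binding member that is a public principal."""
    # "inherited" means the bucket itself does not enforce prevention; an
    # organization policy may still do so, which this check cannot see.
    pap = ((bucket_meta or {}).get("iamConfiguration", {})
           .get("publicAccessPrevention", "inherited"))
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append({
                    "member": member,
                    "role": role,
                    "exposes_objects": role in OBJECT_EXPOSING_ROLES,
                    "blocked_by_pap": pap == "enforced",
                })
    return findings

def is_publicly_readable(policy, bucket_meta=None):
    """True if a public grant can list or read objects and is not blocked."""
    return any(f["exposes_objects"] and not f["blocked_by_pap"]
               for f in audit_bucket(policy, bucket_meta))

# Constructed sample input, not data from the incident.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
  {"role": "roles/storage.legacyBucketReader",
   "members": ["allAuthenticatedUsers", "group:coaches@example.com"]},
  {"role": "roles/storage.objectAdmin",
   "members": ["serviceAccount:uploader@example-project.iam.gserviceaccount.com"]}
]}
""")
ENFORCED = {"iamConfiguration": {"publicAccessPrevention": "enforced"}}

if __name__ == "__main__":
    for finding in audit_bucket(SAMPLE_POLICY):
        print(finding)
```

Any finding where `exposes_objects` is true and `blocked_by_pap` is false means the bucket contents can be listed or read without credentials; removing the public binding or enforcing public access prevention closes it.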

What Does This Mean for You?

If you've ever used Fitify, especially if you uploaded progress photos or used the body scanning features, there's a real chance your private data was part of this leak. This isn't just about embarrassment; it's about potential misuse of your personal images and information.

How to Protect Yourself Right Now

Here’s what you need to do immediately:

  1. Delete Your Fitify Account: This is the most crucial step. Removing your account is the best way to sever ties with the app and minimize future risks. How? Open the Fitify app, go to Settings, find your Account details, and look for the option to delete your account.

    If you can't find it in the app, the Fitify Privacy Policy states you can request deletion via email at [email protected].
  2. Change Your Password: Even if you plan to delete the account, change your Fitify password immediately and ensure you don't use the same password for other accounts.
  3. Monitor Your Online Presence: Keep an eye out on social media or image searches for your photos. If you find anything, you'll need to report it.
  4. Consider Enhanced Security: Change passwords for other accounts, especially if you used the same one for Fitify. Maybe it's time to invest in a password manager?

Being Smarter About Fitness Apps

This incident is a wake-up call for all of us who love our fitness tech. Here are some tips going forward:

  • Read the Fine Print: Understand the app's privacy policy. What data do they collect? How do they store it?
  • Think Before You Upload: Really consider if you need to upload those super personal photos or detailed scans. Can you track progress another way?
  • Audit Your Apps: Regularly review the permissions and accounts for apps you use, especially health and fitness ones.
  • Stay Informed: Keep up with tech news and security reports about the apps you rely on.

Look, I get it. Fitness apps like Fitify can be incredibly motivating and helpful. But this leak is a stark reminder that our digital lives require constant vigilance. Our personal data, especially sensitive stuff like body images, deserves better protection than what Fitify apparently offered.

Take action now. Delete your account, change your passwords, and let this be a lesson for safer digital habits. Your privacy is worth it.

‘A significant risk of harm,’ experts warn after Fitify data leak report
Sensitive user files from the popular fitness app Fitify have been secured after cybersecurity researchers discovered a publicly accessible Google Cloud storage bucket containing hundreds of thousands of images, including body scans and personal progress photos.
Fitify Data Breach - Join Class Actions
If so, your sensitive personal information may have been exposed! Fitify is a popular fitness app which has been downloaded over 10 million times from Google Play. On May 7, 2025, it was discovered that personal information entered into Fitify by users of the app was stored in a public Google cloud storage bucket. Private progress photos and body scans shared with coaches were easily accessible by anyone. Fitify has since closed the storage bucket, but it contained 373,000 files of photos. Client IDs were also exposed, which could enable bad actors to acquire more user information and possibly break into other accounts. The leak was closed on June 9, 2025. Data breaches are serious matters that can cause long term damage. Hackers break into networks so that they can steal your personal information to sell it on the dark web, commit identity theft, financial theft or other frauds. How do you know if you were affected? If you received a notice from Fitify alerting you that your private information was impacted in their data breach, contact us to find out if you may be eligible for compensation!
