Cybersecurity researcher Jeremiah Fowler uncovered an unprotected database belonging to Hello Gym, a Minnesota-based communication and lead management platform for the fitness industry.
The exposed database contained more than 1.6 million audio recordings of phone calls and voicemails from gyms and fitness centers across the United States and Canada.
According to Fowler, the database was not password-protected or encrypted and included 1,605,345 audio files in .mp3 format. The recordings, collected between 2020 and 2025, contained sensitive information, including names, phone numbers, billing details, and reasons for making calls.
The audio files appeared to originate from independent franchise locations of several well-known fitness brands. Corporate representatives confirmed that they do not record audio themselves, but some franchisees were using Hello Gym’s third-party VoIP services.
Fowler reported the exposure to Hello Gym, and the database was secured within hours. However, it remains unknown how long the information was publicly accessible or whether malicious actors may have accessed it prior to discovery.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
