A health and fitness app launched by a popular social media influencer suffered a glitch that may have shared users’ intimate workout photos and other personal account information with the wrong users.
Move With Us, which bills itself as a “movement and fitness” app for women, was founded by Rachel Dillon, a 29-year-old influencer and fitness trainer, who is also a three-time World Beauty Fitness and Fashion bikini world champion. Dillon, who boasts hundreds of thousands of followers on Instagram and TikTok, created the app to “share the true transformative power of fitness with the world,” as the company’s website puts it. The app provide users with detailed workout and nutrition guides and encourages them to take “before and after” photos to help track their fitness goals and provide a record of their progress.
However, Move With Us had a problem with those pictures earlier this week. As originally reported by news.com.au, users of the app said they were getting randomly logged into accounts that were not their own. After being logged into a stranger’s account, those same users reported being able to view intimate account details, including full names, email addresses, physical addresses, birthdays, and, in some cases, naked or revealing “progress photos” that users kept to track their progress.
On the Move With Us Facebook page, the company and Dillon reportedly responded to “hundreds” of angry users who were concerned for the safety of their accounts. On Tuesday, Move With Us posted a statement about the data breach to the page, disavowing some of the more lofty claims made by angry users—including the bit about the exposed “progress photos.” The statement reads, in part:
We wanted to notify that early yesterday afternoon...we were alerted by our community to an error occurring on customer Profile page within our app for a small portion of users.
This error was causing the incorrect user profile image and profile page to show for users. We immediately investigated and then resolved the issue with our development partners.
...We were also able to confirm no progress photos or financial information was wrongfully accessed. We can also confirm that this was not a malicious intent by a third party to access our users information.
A lot of things remain unclear about the breach. For one thing, it’s unclear how many people were affected (the company claims the issue affected a “small” amount of users but did not specify). For another, the discrepancy between the users’ claims about seeing “progress photos” with their own eyes and the company’s claims doesn’t seem to have been satisfyingly resolved. Gizmodo reached out to Move with Us to inquire about the incident and try to ascertain more information. We will update this story if the company responds.
If nothing else, this certainly would appear to be a cautionary tale about keeping your most intimate personal information inside an app. Most apps have shoddy security to begin with, so be very, very careful how you send naked or revealing pictures of yourself and where you store them.