Hackers could hijack user accounts in dozens of fitness and gym mobile applications. About 80 apps rely on Fizikal, a management platform from Israel for gyms and sports clubs. Vulnerabilities affecting the platform could be chained to bypass security checks, enumerate users, brute-force the one-time password (OTP) used for logging in, and gain access to a user’s account. A malicious individual could have leveraged these vulnerabilities to learn the schedule of someone famous or a member of the government.
Source: https://www.bleepingcomputer.com/news/security/gym-app-management-platform-exposed-info-of-thousands-of-users/

