Urban Massage, an app that offers "wellness that comes to you" inadvertently left its entire customer database online: enabling anyone that knew where it was hosted could search, edit or delete the information it held. The London-headquartered massage-on-demand service currently operates across the UK and Paris. At the time of securing the database, the company had exposed more than 309,000 user records, including names, email addresses and phone numbers. The records included specific complaints — from account blocks for fraudulent behavior, abuse of the referral system and persistent cancelers.