Article 5HFZM Data leak makes Peloton’s Horrible, No-Good, Really Bad Day even worse

Data leak makes Peloton’s Horrible, No-Good, Really Bad Day even worse

by
Dan Goodin
from Ars Technica - All content on (#5HFZM)
peloton-800x660.jpg

Enlarge (credit: Peloton)

Peloton is having a rough day. First, the company recalled two treadmill models following the death of a 6-year-old child who was pulled under one of the devices. Now comes word Peloton exposed sensitive user data, even after the company knew about the leak. No wonder the company's stock price closed down 15 percent on Wednesday.

Peloton provides a line of network-connected stationary bikes and treadmills. The company also offers an online service that allows users to join classes, work with trainers, or do workouts with other users. In October, Peloton told investors it had a community of 3 million members. Members can set accounts to be public so friends can view details such as classes attended and workout stats, or users can choose for profiles to be private.

I know where you worked out last summer

Researchers at security consultancy Pen Test Partners on Wednesday reported that a flaw in Peloton's online service was making data for all of its users available to anyone anywhere in the world, even when a profile was set to private. All that was required was a little knowledge of the faulty programming interfaces that Peloton uses to transmit data between devices and the company's servers.

Read 12 remaining paragraphs | Comments

index?i=Uvjxdtn1HTw:fQB-zOM9CYg:V_sGLiPB index?i=Uvjxdtn1HTw:fQB-zOM9CYg:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments