
Peloton’s Leaky API Spilled Riders’ Private Data

Due to a flaw in Peloton’s API, the personal data of its riders was exposed. The API leakage allegedly occurred after the company ignored a vulnerability disclosure from a penetration testing company. Although Peloton partially fixed the hole, they failed to fully secure the database. The news comes amid other troubles for Peloton after their treadmills were linked to 70 injuries and the death of a child. The treadmills have since been recalled.

Peloton also admitted that it was wrong to initially refuse to pull the equipment despite warnings from the Consumer Product Safety Commission (CPSC). In April, the commission released a publication warning that the machine posed serious risks to children. The API leakage included personal information such as user IDs, instructor IDs, group membership, location, workout stats, gender, and age.


OODA Analyst
