Peloton Data Leak Exposes Private Information of Users: Is It Fixed?

Peloton Data Leak Exposes Private Information of Users: Is It Fixed?
Peloton has been facing massive customer complaints and lawsuits ever since the death of a 6-year-old, who was pulled under its treadmill. Now, news came in that Peloton also exposes personal user data. Photo : Ethan Miller/Getty Image

Peloton has been facing massive customer complaints and lawsuits ever since the death of a 6-year-old, who was pulled under its treadmill. Now, news came in that Peloton also exposes personal user data.

Now, the company is not only recalling its treadmills, but also facing significant sales drops. 

Ars Technica noted that Peloton offers network-connected stationary bikes and treadmills. The company also provides complementary online services like a joint class, hiring a trainer, and online workout regimes. It soon grew to a community with over 3 million members that advertise connectivity and health promotions.

Peloton Data Leak

However, Pen Test Partners published a report that investigated Peloton's system and services. It revealed that information from Peloton users could easily be exposed such as: User IDs, Instructor IDs, Group Membership, Location, Workout stats, Gender and age, and whether they are in the studio or not

Some unauthenticated endpoints have been found in the system that reveals user information to any user searching for it. Meaning, user data could be exposed to another Peloton user and even a non-Peloton user. With many members listed user its service, anybody could easily make a data harvest from Peloton's system.

Read Also: Elon Musk Powers Dogecoin Price to $0.50 Ahead of SNL Appearance: Will It Reach $1 Value?

Was the Leak Fixed?

Upon discovery, Pen Test Partners immediately notified Peloton of their security issue. Peloton was given a 90-day deadline to fix the bugs found before the details of the discovery were made public. Unfortunately, aside from responding with an email acknowledging receipt of a bug report, Peloton has not improved its system.

TechCrunch made an effort to contact Peloton in regards to the vulnerability reported. As of May 4, Peloton responded to TechCrunch, saying that the company had already fixed the vulnerability.

As quoted from the Peloton spokesperson Amelise Lane:

"It's a priority for Peloton to keep our platform secure, and we're always looking to improve our approach and process for working with the external security community...We took action and addressed the issues based on his initial submissions, but we were slow to update the researcher about our remediation efforts."

Peloton Treadmills Recalled

Aside from the delayed response to fixing their bug, Peloton is also ensuring their treadmill is safe after the recent accident. After long deliberation, the company officially recalled all their treadmill machines due to public safety concerns.

CEO John Foley said: "I want to be clear, Peloton made a mistake in our initial response to the Consumer Product Safety Commission's request that we recall the Tread+... We should have engaged more productively with them from the outset. For that, I apologize."

Cnbc reported that the company suffered from a $4.1 billion loss on its market value and saw a 15 percent decrease on its stock shares. Peloton recalled around 125,000 Tread+ machines and 1050 Tread products in the U.S.

Peloton treadmills saw a considerable boost in sales during the pandemic amid home quarantine. However, the company also showed multiple signs that it lack proper system maintenance and user privacy protocol.

Related Article: Lego Space Shuttle Discovery Reviews, Issues and More: Why the 2,354-Piece Set Gets Positive Impressions 

© 2021 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost