The Peloton data leak reveals the user's personal information

Peloton has had a really bad week. It was first forced to recall its treadmills over severe safety concerns and to apologize for refusing to act sooner. It is now clear that the company has also failed to protect user data, some of which is very private. The data leak exposes users' personal information.

The breach was highlighted by TechCrunch, which obtained information from the journalist's own Peloton account, even though that account had been set to private. Security researchers could access the Peloton API, the system through which applications and devices connect to Peloton's servers. The API readily returned this information without authentication.

After security researchers informed the company that its API was exposing personal information over the Internet, the company restricted the API so that it only answered requests that supplied a valid Peloton account. That still allowed anyone willing to pay for an account to access the data.
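The three states described above (no authentication, any valid account, and a per-profile authorization check) can be compared in a short sketch. This is an added example, not Peloton's code: the profile fields, tokens, policy names and the "approved viewers" privacy model are all assumptions, and the data is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:  # hypothetical record; field names are assumptions
    private: bool
    approved: set = field(default_factory=set)   # viewers the owner accepted
    data: dict = field(default_factory=dict)

# Constructed sample data, not real accounts.
PROFILES = {
    "alice": Profile(True, {"carol"}, {"age": 34, "weight_kg": 61}),
    "bob": Profile(False, set(), {"age": 41, "weight_kg": 80}),
}
SESSIONS = {"tok-alice": "alice", "tok-carol": "carol", "tok-mallory": "mallory"}

def get_profile(target, token, policy):
    """Return (status, body) for a profile read under one of three policies:
    'open'          - no authentication at all (the behaviour first reported)
    'authenticated' - any valid account may read any profile (the first fix)
    'authorized'    - private profiles readable only by owner or approved viewers
    """
    caller = SESSIONS.get(token)          # None when the token is missing or invalid
    if policy != "open" and caller is None:
        return 401, None
    profile = PROFILES.get(target)
    if profile is None:
        return 404, None
    if policy == "authorized" and profile.private:
        if caller != target and caller not in profile.approved:
            return 403, None
    return 200, profile.data

def unauthorized_reads(policy):
    """Regression check: (token, target) pairs that expose a private profile
    to someone who is neither its owner nor an approved viewer."""
    leaks = []
    for token in [None, *SESSIONS]:
        caller = SESSIONS.get(token)
        for target, profile in PROFILES.items():
            allowed = caller == target or caller in profile.approved
            status, _ = get_profile(target, token, policy)
            if profile.private and not allowed and status == 200:
                leaks.append((token, target))
    return leaks
```

Running `unauthorized_reads` for each policy shows that requiring a login removes the anonymous read but leaves the cross-account read in place until the per-profile check is added.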

The Peloton system contains information about the user's age, gender, body weight and exercise level. After the security researcher's report was basically ignored, the door did not close until TechCrunch asked for comment. There are additional concerns about the API leak because President Joe Biden is a Peloton customer.

Pen Test Partners, which found the API issues, published the results in an article along with a screenshot of the API response. Specifically, Amazon AWS instances contain personal information in addition to the profile photo of any member who has uploaded one. The photo also appears to be stored under the account username, which makes it more accessible.

The problem has now been completely resolved: the API can no longer be accessed without authentication, or with only basic customer credentials.

Peloton told TechCrunch, "From now on, we will be able to better collaborate with the security research community and respond more quickly when vulnerabilities are reported." Reuters