Even yours Exercise equipment Protection is not protected from problems. TechCrunch Report Jan Masters of that Penn Test Partners Discovery A Pelton security flaw that allows attackers to capture sensitive data, including user information (such as age and weight), location, and workout statistics. Researchers have discovered that if you want to get someone’s data through Peloton’s programming interface, they can make unauthorized requests to find out if they have personally set up their account.
The issue has since been settled but only for an extended period. Masters said he personally revealed the error on January 20, but did not receive a response until 90 days later when he (as with the traditional release of protection) reached the media. Pelton quietly issued a half-fix on February 2 that restricted access to only authorized users – anyone with a subscription could still monitor your information.
It is not clear if any of the attackers used the security hole.
The company is at least ready to change its ways. Spokesman Amelis Lane said TechCrunch A statement said Peloton was “slow to update” the Masters about his efforts to fix the vulnerability. Lane added that in the future the company will try to “work collaboratively” with security researchers.
There is a good chance your data will be untouched. However, it underscores the importance of fitness data protection. The incident also illustrates the importance of expressing appropriately reactive weaknesses and Bug grant program. Security experts aren’t enough to report problems in a black box – they need to know that the company is aware of its flaws and is implementing meaningful corrections.
All products offered by Engadget are selected by our editorial team, different from our parent company. Some of our stories include approved links. If you purchase something through one of these links, we can earn an approved commission.