๐ Pelotonโs Leaky API Potentially Exposed Ridersโ Personal Information
๐ก Newskategorie: IT Security Nachrichten
๐ Quelle: news.softpedia.com
According to a report from TechCrunch, an outdated version of Pelotonโs API, the program that enables the companyโs bikes and recall treadmills to communicate with its servers, might have revealed private customer profiles. Peloton claims to have over 3 million subscribers and over 1 million connected fitness profiles, so the leak may be massive.ย Jan Masters, a security researcher at Pen Test Partners, discovered the bug on January 20th and reported it to Peloton, but the company is only now confirming that it has been patched.ย He also discovered that he could make unauthenticated requests to Pelotonโs API for user account data without any verification or confirmation of the privileges. This happened when Biden was inaugurated, and Peloton moved to t... ...