Pen Testers Discover a Security Bug on Peloton’s Servers

Penetration Test Image

Pen Testers Discover a Security Bug on Peloton’s Servers

Once COVID hit people were all jumping on the Peloton bike to stay fit in the safety of their home. It is a top-quality exercise bike that has an app and subscription that goes with it. It gives users access to live real-time classes and sessions with a coach.

Peloton is booming, in 2020 they announced a 113% increase year over year which they expect to double in 2021.

Well, Peloton has hit a pothole. They had to recall all of its treadmills, which have been linked to 70 injuries and the death of one child. On top of that, there was exposed user data. An unauthenticated user could view sensitive information for all users, and snoop on live class statistics and its attendees, despite having a private mode.

What went wrong?

  • The Peloton app API allowed any user to access someone else’s data even if they were in “private” mode.
  • Peloton failed to address the flaw quickly enough and had to be warned by the press to take proper fixing action.
  • It is not unlikely that someone has already scraped all user data from the leaky API, planning to publish it soon.

 

The researcher found out that an unauthenticated user could view sensitive information for any user of the Peloton network, snoop on their activities, and collect potentially useful data that could be used for a variety of nasty stuff. More specifically, the information that could be accessed includes the following:

  • User IDs
  • Instructor IDs
  • Group Membership
  • Location
  • Workout stats
  • Gender and age
  • If they are in the studio or not

Peloton says it has more than 3 million subscribers. Famous figures such as the President of the United States use Peloton.

2021 is shaping up to be the year of the API attack. As more leaks happen we will need to pay attention to the vulnerabilities. As we have more things connected on the internet this will continue to be a problem. When every appliance is connected to the internet we are trusting our data to companies who are not focused on data security.

Data protection privacy concept. GDPR. EU. Cyber security network. Business man protecting data personal information on tablet and virtual interface. Padlock icon and internet technology networking connection on digital

Your API is the gateway to your data! The Top 10 API Security Risk:

  1. Broken Object Level Authorization
  2. Broken User Authentication
  3. Excessive Data Exposure
  4. Lack of Resources & Rate Limiting
  5. Broken Function Level Authorization
  6. Mass Assignment
  7. Security Misconfiguration
  8. Injection
  9. Improper Assets Management
  10. Insufficient Logging & Monitoring

 

CompTIA PenTest Logo

Are you ready to learn how to be a pentester? Consider taking CompTIA Pentest+ with Intellectual Point!

CompTIA PenTest is a certification for cybersecurity professionals who are tasked with identifying, exploiting, reporting, and managing vulnerabilities on a network.

CompTIA PenTest assesses the most up-to-date penetration testing, and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks. Successful candidates will also have the skills required to customize assessment frameworks to effectively collaborate on, report findings, and communicate recommended strategies to improve the overall state of IT security.

Learn More About CompTIA PenTest+

Top Reasons to Get CompTIA PenTest+ Certified

 

 

Certified Ethical Hacker (CEH) Logo

You could also consider taking Certified Ethical hacker (CEH) with Intellectual Point!

A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker but lawfully and legitimately to assess the security posture of a target system(s). The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.

The Certified Ethical Hacker (CEH) is a core training program for an information security professional, also referred to as a white-hat hacker, who systematically attempts to inspect network infrastructure with the consent of its owner to find security vulnerabilities that a malicious hacker could potentially exploit. The course helps you assess the security posture of an organization by identifying vulnerabilities in the network and system infrastructure to determine if unauthorized access is possible. The Certified Ethical Hacker program is the most comprehensive Ethical Hacking program in the world.

Learn More About CEH

Why Get Certified Ethical Hacker (CEH) Certified?

 

 

CompTIA PenTest+ or Certified Ethical Hacker (CEH), which one is right for me?

 

See Our Schedule

 

Leave a Reply

Latest News

Intellectual Point Announces GI Bill® Approval

Intellectual Point Announces GI Bill® Approval   Intellectual Point, a leading provider of IT training and certification programs, is proud to announce its Virginia State Approving Agency

0

Revamped Course Schedule for 2024: Innovations and Returns at Intellectual Point

Revamped Course Schedule for 2024: Innovations and Returns at Intellectual Point By contributor Laurentino Rodrigues   At Intellectual Point, we pride ourselves on being at the forefront

0

Red Ribbon Week – Be Kind to Your Mind, Live Drug FreeTM

Red Ribbon Week – Red Ribbons have been a part of a national campaign since 1985 in response to the murder of special agent Enrique Camarena of

0

October: Cybersecurity Awareness Month

October: Cybersecurity Awareness Month By contributor Lyan Ware   Pumpkin spice everything, cozy sweater weather, spooky movie reruns, and that crisp, lingering bonfire smell in the air

0

happy clients

Zuhdi Arnous

“The environment in the class was motivating, everyone was participating, we learned from each other. We got a lot of practice which helped us get not just ...
Read More

David McPhatter

“If a person is trying to get into the IT field and the IT security field then this place can do a lot.” -David McPhatter, CISSP, CISM, ...
Read More

Prince Okpalaeze

“I didn’t see the importance of getting certifications. But when they emphasized certifications is one of the things that will give you a better foot in the ...
Read More

Kajli Prince

“What’s the next thing coming that people are going to be looking towards, Cloud, virtualization? At Intellectual Point you get this breadth of experience that was a ...
Read More

Kajli Prince

“My instructor Prem had such sharp industry experience that he brought to the course. The classes, the lectures, the practical applications, you don’t get this other places.” ...
Read More

Diana Roix

“I would recommend anyone that has a passion for IT or cyber or making a difference in the world, making it more safe—come to Intellectual Point.” -Diana ...
Read More

Cynthia Sano

“They were really accommodating for financial support. I was able to pay on a monthly basis, they set up a payment plan that made it convenient so ...
Read More

Bridget Robinson

“I highly recommend Intellectual Point. I am a proud student who matriculated through their PMP/CAPM course. The instructor and staff were very engaging, high energy, and created ...
Read More

Ramprasad Venkat

“These trainings are more interactive because Prem brings in a lot of real experience, it clearly goes to show how much he has worked in the cyber ...
Read More

Michael Seidu

“It changed my life because I got certifications that matter in IT and I got one job that was paying me more than the two jobs I ...
Read More

Rajiv Koul

“At Intellectual Point they are very student friendly and the labs are excellent. It was very good to have hands-on material and hands-on courses.” -Rajiv Koul Senior ...
Read More

Abraham Lewis, Jr.

“After revamping my resume and putting it out there I started getting calls from people everywhere and my salary leapt right away, it was amazing.” - Abraham ...
Read More

Zuhdi Arnous

“Prem showed me the options for how to get to my dream, to get to my goal. We made a plan together and I did the courses ...
Read More

What Our Customers Say - Based on over 600+ Reviews!

Join Thousands of Happy Clients Join our Alumni Group Google Reviews
Our Top Customers
APEX COLOR LOGO
Booz Allen logo
DARS Logo
HP logo
hpe logo
INOVA Logo
Lockheed Martin Logo
mantech logo
northrop grumann logo
Optum Logo
Verizon Logo
WIOA Logo
Training and Testing Partners
CompTIA Logo
AWS logo
ISACA logo
ITPG logo
Phoenix logo
RedHat Logo
SunsetLearning Logo
UoNA logo
UOPX logo
certiport logo
clep logo
IQT-logo
Kryterion_logo
Pan Testing Center Logo
dsst logo
PearsonVue Logo
Sanctum Federal
Scantron Castle Logo