Category: pen test partners

Echelon exposed riders’ account data, thanks to a leaky API

Image Credits: Echelon (stock image) Peloton wasn’t the only at-home workout giant exposing private account data. Rival exercise giant Echelon also had a leaky API that let virtually anyone access riders’ account information. Fitness technology company Echelon, like Peloton, offers a range of workout hardware — bikes, rowers, and a…

Read More

Peloton’s leaky API let anyone grab rider’s private account data

Halfway through my Monday afternoon workout last week, I got a message from a security researcher with a screenshot of my Peloton account data. My Peloton profile is set to private and my friend’s list is deliberately zero, so nobody can view my profile, age, city, or workout history. But…

Read More