At least two employees of this nationwide exercise company phenomenon were fired after company officials caught them selling names, addresses and alarm codes of customers on the dark web.

Cameras are always on the machines and many of those cameras captured alarm codes being entered and also passwords of computers.

Peloton

Hackers can spy on Peloton bike and treadmill users

Peloton says it has fixed a security flaw in the fitness equipment maker’s stationary bike and treadmill products that potentially allowed hackers to spy on users and even control their exercise machines.

Security software company McAfee identified the vulnerability, warning that someone with physical access to Peloton’s Bike+ and Tread+ products could gain control of the devices through a USB port on the interactive tablet mounted on the machines that are used to stream live workouts.

Peloton acknowledged the weakness in a press release Thursday, explaining that an attacker could “modify the software on the device, and could then install malware or access data that is communicated between the device and our services.”

Peloton issued a mandatory software update that protects users from being hacked, and urged its members to log into their tablets to download the patch.

“After updating, your device will be protected against the vulnerability that McAfee reported,” Peloton said in the release.

McAfee researchers kept the issue private until Peloton was able to roll out a fix, according to the equipment company.

Specifically, hackers could insert a USB key containing malicious code into a Peloton machine and gain remote access without the user knowing. They could use this access to install malicious apps made to look like Netflix or Spotify in order to steal users’ credentials, McAfee wrote in a blog post on its website.

In addition, “They can enable the bike’s camera and microphone to spy on the device and whoever is using it,” according to the cybersecurity company.

An interactive map by a third-party website that shows where Peloton machines are located around the world also can be exploited by bad actors. – Source

Read more on these Tags: ,