Peloton’s leaky API has allowed any hacker to obtain any user’s account data — even if that user had set their profile to private. The vulnerability, which was discovered by security research firm Pen Test Partners, allowed requests to go through for Peloton user account data without checking to make sure the request was authenticated. As a result, the exposed API could let anyone access any Peloton user’s age, gender, city, weight, workout stats, and birthday.
from Cyber Security News https://ift.tt/2SunjqB
No comments:
Post a Comment