In early May, fitness company Peloton announced that it had exposed customer account data on the internet. Anyone could access users’ account data from Peloton’s servers, even if the users set their account profiles as private. The cause: a faulty API that permitted unauthenticated requests.
To read this article in full, please click here
(Insider Story)Support the originator by clicking the read the rest link below.