Peloton powers its web and mobile apps with APIs, like virtually every other app on the Internet. But these APIs had a few critical flaws that exposed the personal information of all 4 million users. What the Hack happened?!?
Peloton's 4M User Breach: What the Hack?!?
In this video Dan Barahona explains how the breach took place and how the open API and lack of authorization controls exposed 4 million Peloton user records.
The user data included the user's age, gender, city, weight, workout statistics, and even birthday. The APIs exposed all of this information, even if you had marked your Peloton account as private. Even President Joe Biden's records were exposed.
Two key issues caused the exposure: 1) the API was left wide open, with no credentials required; and 2) the API let any user access other users' records, a flaw known as Broken Object Level Authorization (BOLA) in the API Top Ten.
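The two flaws side by side, as an added example that is not Peloton's code: a profile endpoint that checks neither who is calling nor whose record is requested, next to a version that requires an authenticated caller and enforces object-level authorization (including the account's private flag). The profile records, field names and `ApiError` class are constructed for the example.

```python
# Added example: minimal model of the two API flaws described above and their fix.
# Constructed data and names; not Peloton's code.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Profile:
    user_id: int
    username: str
    private: bool
    details: dict = field(default_factory=dict)  # the sensitive fields listed above


# Constructed sample records (not real users)
PROFILES = {
    1: Profile(1, "rider_one", private=True,
               details={"age": 41, "city": "Boston", "weight": 82, "birthday": "1983-05-01"}),
    2: Profile(2, "rider_two", private=False,
               details={"age": 29, "city": "Austin", "weight": 70, "birthday": "1995-11-20"}),
}


class ApiError(Exception):
    def __init__(self, status: int, reason: str):
        super().__init__(f"{status} {reason}")
        self.status = status


def get_profile_vulnerable(user_id: int) -> dict:
    """Flaw 1 + flaw 2: no caller identity is required, and the requested id is
    never compared with the caller, so every field of every user is readable
    and the private flag is ignored."""
    p = PROFILES[user_id]
    return {"user_id": p.user_id, "username": p.username, **p.details}


def get_profile_secure(caller_id: Optional[int], user_id: int) -> dict:
    """Fix: authenticate first, then authorize per object before releasing data."""
    if caller_id is None:
        raise ApiError(401, "authentication required")
    p = PROFILES.get(user_id)
    if p is None:
        raise ApiError(404, "not found")
    if caller_id == p.user_id:  # the owner sees their own full record
        return {"user_id": p.user_id, "username": p.username, **p.details}
    if p.private:  # private profiles look non-existent to everyone else
        raise ApiError(404, "not found")
    return {"user_id": p.user_id, "username": p.username}  # public minimal view
```

Returning 404 rather than 403 for a private profile also avoids confirming that a guessed id exists.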
Read more about the breach here:
Register for APIsec University's free API Security Fundamentals course here:
If you're interested in regular news from the API space, including future "What the Hack?!?" episodes, subscribe to "Getting APIs to Work"!
Video: Peloton's 4M User Breach: What the Hack?!? (7 minutes 44 seconds). Uploaded by Erik Wilde on 23 February 2024.