Software security company McAfee said it exposed a vulnerability in the Peloton Bike+ that allowed attackers to install malware through a USB port and potentially spy on riders, NBC News reports.
McAfee said the problem stemmed from the Android attachment, noting attackers could access the bike through the port and install fake versions of popular apps like Netflix and Spotify, which could then fool users into entering their personal information.
More Peloton Coverage
A Peloton Bike+ in a public, shared place, such as a hotel or a gym, would be especially vulnerable to the attack.
Peloton confirmed in a statement that engineers from McAfee alerted them to the problem "via our Coordinated Vulnerability Disclosure program" and said they were working with the security company to fix the issue. "Peloton also pushed a mandatory update to affected devices last week that addressed this vulnerability," the exercise equipment company added.