On May 5, 2021, Pen Test Partners security researcher Jan Masters published a blog entitled “Tour de Peloton: Exposed user data,” in which he detailed information regarding a January 20, 2021 Peloton data breach that had exposed the personal data of the digital exercise bike company’s users, including age, location, weight, and workout statistics.
The blog comes after Masters found a bug in Peloton’s application programming interface (API) in January 2021. Peloton had neglected to notify users of the breach within 90 days, so Masters took the information public himself.