SaaS Whispers

Data Of Echelon Users Exposed Due To Leaky API

The leaky API of Echelon, an exercise giant, reportedly gives access to any rider's account information.

SaaS Whispers
May 24, 2021

Shortly after Peloton, another home workout giant, was found to be exposing user information through a leaky API, Echelon is now in the same position. Jan Masters, a researcher at Pen Test Partners, found that Echelon's API allowed him to access account data such as name, city, age, sex, weight, phone number, workout statistics, and much more for any member in a live or pre-recorded class.

Zack Whittaker writes in TechCrunch about the incident and how Echelon reacted to the claims. Here is what he has written:

  • The leaky API of Echelon lets anyone access users' personal information, including their fitness equipment's serial number.

  • The API was supposed to check whether a member's device is authorized to access user data, but it returned the data without any token.

  • Another bug allowed members to pull data on any other member due to weak access control on the API, making it easy to pull user account IDs and information from Echelon's servers.

  • Though the researchers messaged Echelon directly on Twitter, they didn't hear back for 90 days, which was the maximum time given to companies to fix flaws.

  • Echelon told TechCrunch that it had fixed the flaws, but a researcher disputes this, saying that two flaws are yet to be fixed.

  • Echelon also said that it fixed the bug that let children under the age of 13 sign up, but when TechCrunch created an account with an age of less than 13, it was still possible.
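The two API flaws in the list above (data returned without a token, and members able to read other members' records) correspond to a missing authentication check and a missing per-object authorization check. The sketch below is an added example, not Echelon's code: the user records, signing key, token format and function names are all hypothetical, and it shows the leaky behaviour beside a handler that performs both checks.

```python
import hashlib
import hmac

# Constructed sample data; ids, fields and the signing key are hypothetical.
SIGNING_KEY = b"demo-key-not-for-production"
USERS = {
    "1001": {"name": "Rider A", "city": "Leeds", "weight_kg": 70},
    "1002": {"name": "Rider B", "city": "Austin", "weight_kg": 82},
}

def _mac(user_id: str) -> str:
    return hmac.new(SIGNING_KEY, user_id.encode(), hashlib.sha256).hexdigest()

def issue_token(user_id: str) -> str:
    """Return '<user_id>.<hmac>', binding the token to one account."""
    return f"{user_id}.{_mac(user_id)}"

def token_subject(token):
    """Return the user id a token was issued for, or None if invalid."""
    if not token or "." not in token:
        return None
    user_id, mac = token.rsplit(".", 1)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    ok = hmac.compare_digest(mac.encode(), _mac(user_id).encode())
    return user_id if ok else None

def get_profile_leaky(requested_id, token=None):
    """Behaviour described in the article: the token is never checked."""
    user = USERS.get(requested_id)
    return (200, user) if user else (404, None)

def get_profile_checked(requested_id, token=None):
    """Authenticate the caller, then authorize against the requested record."""
    subject = token_subject(token)
    if subject is None:
        return (401, None)  # missing or forged token
    if subject != requested_id:
        # Decided before the lookup, so the response does not reveal
        # whether another account id exists.
        return (403, None)
    user = USERS.get(requested_id)
    return (200, user) if user else (404, None)
```
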

What Zluri Thinks

Data breaches like these cause irreparable loss of reputation to organizations. As data centers move to the cloud, the attack surface broadens. IT leaders must research and implement every precaution their budget allows to prevent such incidents.

You can read the full article here.
