Peloton users have something new to worry about.

In a new report, security company McAfee says hackers can gain remote access to a Peloton bike's camera and microphone and can monitor users. The attackers can also add apps disguised as Netflix and Spotify to encourage users to input login credentials for later malicious use.

McAfee originally notified Peloton of the security issue in March. Peloton's head of global information security, Adrian Stone, said: "We pushed a mandatory update in early June."

This is just the latest headache for Peloton users. Just last month, Peloton recalled some of its treadmills following reports of over 70 injuries and the death of a 6-year-old child. Around the same time, the company issued an update after another security company revealed that hackers can snoop on Peloton users and find out their age, gender, location and even workout stats.

Pelotons have been one of the biggest fitness success stories of the pandemic. As gyms shuttered their doors and people were stuck at home, Peloton sales soared despite their huge price tag — stationary Peloton bikes can set you back by about $1,900, and its treadmills can cost upwards of $4,000. Last year, Peloton's revenue doubled to $1.8 billion.

The latest vulnerability primarily affects bikes in public spaces, but an attacker could interfere with the equipment at any point in the supply chain, from construction to delivery, according to the report.

Savannah Sicurella is an intern on the NPR Business Desk.

Copyright 2021 NPR. To see more, visit

300x250 Ad

300x250 Ad

Support quality journalism, like the story above, with your gift right now.