Sign up for smart news, insights, and analysis on the biggest financial stories of the day.
Peloton is no stranger to PR disasters (remember that ad?). When it comes to matters of safety, there is no use fighting the tape.
After previously downplaying safety concerns around its treadmills, yesterday Peloton announced voluntary recalls of all of its Tread and Tread+ products.
Don’t Tread On Me
As we covered last month, the U.S. Consumer Product Safety Commission issued a stern warning about Peloton’s Tread+ treadmills after dozens of injuries and one death were reported. Peloton fired back at the time, calling the report “inaccurate and misleading.”
But after the CPSC highlighted the “unusual belt design” on the Tread+ and relayed reports about the machine’s touchscreen loosening and even falling off, the company known for its flagship stationary bike is suddenly backpedaling:
- Initiating a voluntary recall, Peloton is now advising owners of its Tread and Tread+ treadmill products to stop using them immediately.
- The recall affects around 125,000 Tread+ machines and 1,050 Tread products in the U.S., and customers are advised to contact Peloton for a full refund or other remedy.
Peloton says it plans to work with the CPSC to develop new industry safety standards for treadmills. CEO John Foley was contrite in a statement, saying, “I want to be clear, Peloton made a mistake in our initial response to the Consumer Product Safety Commission’s request that we recall the Tread+.”
Software Slip-Up
Unfortunately, Peloton’s problems this week aren’t limited to the hardware arena. The company’s API, which allows network communication between Peloton bikes and servers, was recently found to allow unauthenticated requests of user data.
That means anyone on the internet could access a Peloton user’s age, gender, city, weight, and workout stats. Jan Masters, the security researcher who discovered the API bug, reported it to Peloton way back in January, offering the company the typical 90-day window to correct the bug before making the news public.
Spinning Its Wheels: After being mum for months, Peloton this week finally acknowledged it had “addressed the issues”. But it remains unknown whether the API vulnerabilities were already exploited through mass-scraping of account data.
the takeaway
Peloton shares closed down nearly 15%, wiping over $4 billion of its market cap in one day.
Recent News
-
Dealmaking Is Coming Back — With or Without Fed Rate Cuts
Photo by Yusuke Kawasaki via CC BY 2.0 -
Superyacht Sales Fall Due to Lack of Russian Oligarch Customers
Photo by Diego F. Parra via Pexels -
Boeing Battles Dual Congressional Hearings
Photo by Eric Friedebach via CC BY 2.0 -
US Growth to Lap G7 Peers, IMF Predicts
Photo by Federal Reserve Board of Governors via Public Domain Mark 1.0 -
UnitedHealth Cyberattack Punched a $872 Million Hole In its Finances
Photo via Connor Lin / The Daily Upside -
Big Tech Offloads Office Space, Putting Commercial Landlords in Flux
Photo by Kate Sade via Unsplash -
US Retail Sales Surge as Consumers Shrug Off Inflation, High Interest Rates
Photo by Mostafa Meraji via Unsplash -
The Metaverse: Coming to a School Near You
Photo by Eren Li via Pexels -
Goldman Sachs Leans On ‘Core Strengths’ to Crush Q1 Earnings
Photo by Maryland GovPics via CC BY 2.0 -
Adobe’s Latest Patent Aims to Keep AI From Making Mistakes
Photo via U.S. Patent and Trademark Office
