The bug was first discovered by Jan Masters, a security researcher at Pen Test Partners, TechCrunch reported.
Masters found the breach by learning he could make unauthenticated requests to access someone's data through Peloton's programming interface. The bug exposed users' age, location, workout statistics, and weight.
The researcher told TechCrunch that he reported the flaw on January 20, but the issue was only confirmed to be fixed after Peloton was contacted by TechCrunch.
The security flaws discovered in Peleton's equipment demonstrate the reasons that cybersecurity experts were wary of reports that President Joe Biden might bring his Peleton bike to the White House: the additional cameras, sensors, and microphones present in the device pose potential national security risks if hacked into and personal data is leaked.