minute read Share this article: On top of the privacy spill, Peloton is also recalling all treadmills after the equipment was linked to 70 injuries and the death of one child. Peloton has hit a pothole. Its API was leaking riders’ private data, it ignored a vulnerability disclosure from a penetration testing company, and it partially fixed the hole but didn’t get around to telling the researcher until he reached out to a cybersecurity journalist for some help. This is bad news for Peloton, coming just before other, far more horrific news hit the headlines: Namely, on Wednesday, the company recalled all of its treadmills, which have been linked to 70 injuries and the death of one child. It also admitted that it had been wrong to refuse the Consumer Product Safety Commission’s request that it pull the equipment: In April, the CPSC warned consumers to stay off the Peloton Tread+, which “poses serious risks to children for abrasions, fractures, and death.”