It’s been a busy few months for Sky Q. The team at Sky have added support for a dizzying number of new apps, including cooking tool Tastemade, music video streaming service XITE, podcast hub BBC Sounds, and more. The latest addition is at-home fitness service Peloton …but the timing leaves something to be desired.
Peloton might be best known for their spin bikes, which let you join live classes from your living room, but the subscription service also packs a number of other on-demand and live fitness classes. Like rivals Fiit and Apple Fitness+, you can pick from a number of disciplines, including Yoga, Running, Cardio, Bootcamp, Stretching, and more. Peloton works with Apple Watch to track the number of calories burned, heart-rate, recovery time, and total distance. There are also audio-only classes to stream when you’re running outdoors to make sure you push yourself and vary your pace.
With the addition of Sky Q, Peloton subscribers will be able to tune-in to the latest on-demand and live classes on the big screen.
While Peloton is available on a number of streaming set-top boxes, including Apple TV, Roku, Fire TV, and Chromecast, Sky Q is the only UK TV platform to add support, so unless you have another device from this list, Virgin Media TV, EE TV and BT TV customers won’t be able to follow along with their favourite fitness instructor on the living room telly.
Peloton is available in the My Apps menu on Sky Q, but the quickest way to navigate to the app is to simply say “Peloton” into your Sky Q voice remote to open the app. You can also say “fitness” or “Let’s get Physical” to discover an entire fitness destination page, full of content from YouTube, Spotify and more all in one place on Sky Q.
Fraser Stirling, Group Chief Product Officer, Sky said: “Adding Peloton to Sky Q is incredibly exciting for our customers as it makes it easier to enjoy working out from home. Peloton joins Fiit, Netflix, Disney+, YouTube and many more favourites continuing to make Sky Q the home of all the entertainment you love, in one place.”
Sky Q customers, who are new to Peloton can trial the Peloton App via Sky Q free for 30-days. Following the 30-day trial, Peloton’s Digital Only Membership is £12.99 per month. Existing Peloton All-Access and Digital Members can simply sign into their Peloton account on Sky Q.
Kevin Cornils, Managing Director International for Peloton added: “We’re excited to roll out the Peloton App on Sky Q. The Peloton App launched in 2018 and we’ve been continuously introducing new features and ways to access our content over time. Our latest launch on Sky Q makes our content even more accessible. Both new and existing Peloton Members can view our best in-class, studio-style workouts on the biggest screen in the home, enabling them to better experience our floor-based disciplines.”
But, why is the timing so awkward?
Well, in the hours following the announcement that Peloton was coming to Sky Q viewers across the UK, security researcher Jan Masters revealed that Peloton was leaking personal information about its subscribers, including their age, gender, city, weight, workout statistics and whether it was your birthday. These details can be hidden on Peloton profile pages, but the API still makes this information available. Masters, who works with Pen Test Partners, reported the leaky API to Peloton back in January 20. He provided them with a 90-day deadline to patch the problems, which is the standard window that security researchers allow companies to fix bugs in private before the details are made public.
That deadline came and went. As a result, Jan Masters has now shared the troubling issues with the Peloton API and how it can expose details to anyone online.
In the days since, Peloton has fixed the leak in its API, which is used by developers to support the fitness class platform. A spokesperson for the company told TechCrunch: “It’s a priority for Peloton to keep our platform secure and we’re always looking to improve our approach and process for working with the external security community. Through our Coordinated Vulnerability Disclosure program, a security researcher informed us that he was able to access our API and see information that’s available on a Peloton profile.
“We took action, and addressed the issues based on his initial submissions, but we were slow to update the researcher about our remediation efforts. Going forward, we will do better to work collaboratively with the security research community and respond more promptly when vulnerabilities are reported.”
It’s not known whether anyone maliciously exploited these vulnerabilities to scrape data from Peloton accounts. With a number of high-profile celebrities and politicians, including US President Joe Biden, music superstars Miley Cyrus and Alicia Keys, and ex-Good Morning Britain host Piers Morgan, Peloton will want to ensure it keeps a tighter lid on personal details from its users.