Fitness Cybersecurity: Risks and Ways to Stay Cyber Fit

August 3, 2021

Do you work out? Before COVID-19 struck, over 1 in 5 Americans belonged to at least one health club or studio in the US in 2019. As gyms and fitness centers were forced to shut down due to the pandemic, more people have started to do exercise at home. You may want to buy exercise equipment or sign up for online physical training memberships, but please also beware of your cybersecurity fitness. Continue reading to learn cybersecurity risks associated with fitness and how to protect yourself when you work out at home:

What’s the risk?

1. Device compromised due to malware attacks

For example, it is reported that Peloton, a famous exercise equipment company in the USA, had cybersecurity issues with their fitness products in June 2021.

Vulnerabilities were found in some Peloton bikes, enabling hackers to gain access to the devices (Peloton Bike+ or a Peloton Tread) and take control over them. Hackers could then install and run malicious apps in your Peloton bike (disguised as normal ones like Netflix or Spotify), opening backdoor access and spying on you remotely without your knowledge.

Hackers could steal all your sensitive credentials and use them for identity theft. Or, your

camera and microphone could be compromised; your workout could be watched or even recorded unknowingly.

2. Personal information leaked in data breaches

Besides malicious attacks, data breaches also happen every now and then in health and fitness industry. Here are some examples:

• Total Fitness

Total Fitness, a UK health club, has confirmed a data breach in February 2021, exposing members’ banking information including account numbers. Total Fitness stressed that credit card information was not accessed, but there could still be cybersecurity risks – with the personal information stolen, hackers can commit identity theft.

• Town Sports International

Back in September 2020, Town Sports International, a US fitness chain, suffered a data breach, with over 600,000 people’s personal information leaked.

As BleepingComputer reported, breached information included users’ names, addresses, phone numbers, email addresses, last four digits of credit cards, credit card expiration dates, and their billing history.

Cybercriminal could send users text messages or emails with phishing links and make them seem more convincing with these sensitive credentials, prompting users to click on the link and stealing further personal information.

How to protect your cybersecurity fitness

• Use stronger passwords.
• Check bank statements, bills, and credit reports regularly to see if there are uncommon issues over your account.
• Never click on links from unknown sources. Use Trend Micro Check for immediate scam detection.

1. After you pin the Trend Micro Check browser extension, it will block dangerous sites for you automatically:

2. Trend Micro Check on WhatsApp:
Send a link or a screenshot of suspicious text messages to Trend Micro Check on WhatsApp for immediate scam detection:

• If your email or other login credentials are included in data breaches, please change passwords immediately.