Security issue with Onewheel



  • This is the last place where I can draw the company's attention to the existing problem.
    If you are thinking that I wanna share a technical issue with the Onewheel device - sorry for the clickbait title.
    Technically, I found a security issue with services from Onewheel which you use day by day. This issue is related to the personal data of all users. In the place which I found there is a leak of data like name, email, country... etc. (in March it was 13k users' data)

    Be sure that your data is also there

    With good intentions and without a desire to make money on that, I reported that issue, along with a bunch of other issues, to the company on January 30, 2018.
    They updated the IT infrastructure 4 times, but they didn't fix any issues!!!

    I tried to contact CEO Jack in March, because all the problems were still current.
    In the middle of March he replied to me that he appreciates my concern and they will take steps to remedy my concern as soon as we possibly can.
    Today is the end of May. And the problem is still there. But with a bit more data. Around 16k users.

    I don't wanna share any technical things, because it's not ethical. But it's also not ethical from the company's side to ignore all the problems. I am so unhappy that someone can steal this data and do something bad... And I am unhappy that my data is also there and can be stolen :(

    OneWheel team! Let's make this world safer!



  • If this is true then it's worth also mentioning: with the EU personal data laws about to take effect on May 25th, this could be an extremely expensive mistake for FM.



  • @readysetawesome
    I already made a second support ticket mentioning that GDPR can be expensive for that kind of vulnerability...
    But as always, no one replied to me. And the previous support ticket, with all the technical details about all the vulnerabilities which I found, was marked as closed.
    Can someone from OneWheel Company give some explanation about that situation? @Future-Motion



  • All issues were resolved. Thanks for your attention!



  • This is great news, thanks for bringing it up.



  • @testerok
    Thank you for your expertise and persistence in helping @Future-Motion improve on user data security.



  • @lidphones @The_Tim @cr4p @Vitaly @Onewheel-Miami @znzn @skyman88
    Thank you and all the other guys for supporting and drawing attention.
    I am happy to say goodbye to the vulnerabilities which I found. Moreover, I planned to order a Onewheel device, but with this situation and understanding how the company works with customers, I will not do that. Coordination with support was painful.
    With a great respectful present for my findings
    I wanna say goodbye to all of you.
    Next time, if the company cannot assess the level of risk of the problem, I highly recommend not sending such gifts as a thank you.

    Best regards.
    Valeriy