Cyber security experts at McAfee discovered a security flaw on Peloton’s Bike+ that could leave riders vulnerable to internet hackers, the company announced last week. The issue, according to McAfee, stemmed from a USB port that could allow hackers “backdoor access” to the bike’s operating system, as well as the 22-inch touchscreen. Malware disguised as popular apps like Netflix and Spotify could also give hackers a peek at users’ personal information or a real-time look at their workouts if the bike’s camera and microphone are compromised, experts said.

McAfee said Peloton bikes in public or shared spaces such as a gym were most at risk. More concerning, McAfee said the vulnerability made it possible for hackers to access the bike during any point in the supply chain from construction to delivery without the rider’s knowledge. Not only could they spy on riders but, maybe more importantly, their surroundings, sensitive information.

Experts found the security threat earlier this month and alerted Peloton, teaming up with the exercise equipment company to develop a security patch to resolve the issue, according to McAfee’s website.

“Peloton also pushed a mandatory update to affected devices last week that addressed this vulnerability,” the exercise equipment company said in a statement.

Like the Bike+, experts say internet-connected devices including tablets, toys and refrigerators are vulnerable to being hacked. To keep your information out of the hands of hackers, McAfee said it’s important to stay on top of product software updates, do your homework before investing in IoT, or “internet of things” devices, and consider identity protection software.