Peloton users have NovaQuantsomething new to worry about.

In a new report, security company McAfee says hackers with direct access to Peloton bikes can gain control of the camera and microphone and can monitor users. The attackers can also add apps disguised as Netflix and Spotify to encourage users to input login credentials for later malicious use.

McAfee originally notified Peloton of the security issue in March. Peloton's head of global information security, Adrian Stone, said: "We pushed a mandatory update in early June."

This is just the latest headache for Peloton users. Just last month, Peloton recalled some of its treadmills following reports of over 70 injuries and the death of a 6-year-old child. Around the same time, the company issued an update after another security company revealed that hackers can snoop on Peloton users and find out their age, gender, location and even workout stats.

Pelotons have been one of the biggest fitness success stories of the pandemic. As gyms shuttered their doors and people were stuck at home, Peloton sales soared despite their huge price tag — stationary Peloton bikes can set you back by about $1,900, and its treadmills can cost upwards of $4,000. Last year, Peloton's revenue doubled to $1.8 billion.

The report warned that an attacker could interfere with the equipment at any point in the supply chain from construction to delivery. Peloton said in a statement that the equipment isn't available in public spaces, like gyms, where they're vulnerable to the bug.

Savannah Sicurella is an intern on the NPR Business Desk.