Echelon PII Leak and Disclosure Fail
14 May 2021
For the best user experience please upgrade your browser
EFB Safety Advice for Pilots
07 May 2021
Tour de Peloton: Exposed user data
05 May 2021
2021. The age of the super vulnerability?
26 Apr 2021
We’re Hiring!
23 Apr 2021
Training apps. Have their privacy settings improved in 5 years?
21 Apr 2021
More blog posts »
Security Breach Hotline Call +44 203 095 0520
Open 24 hours a day, 365 days a year. [email protected]
Pen Test Partners provides cyber security consulting and testing to a huge variety of industries and organisations.
With offices in the US and UK we’re never too far away.
We also do a lot of security research which the press, governments, and consumer groups and watchdogs follow and use to help improve everyone’s privacy and security.
Find out more about us »
Why choose Pen Test Partners?
Established in June 2010, we’ve got consultants with a vast range of skills and experience, some with extremely niche skills.
As an entire company we know our stuff and we’ll work at your pace.
We research, test, and assure a lot of interesting and complex things!
We’ve provided testing and assurance for all sorts of things; ships at sea, international finance infrastructure, mobile apps for smart toys, airplane systems and avionics, power stations and critical national infrastructure, automotive and telematics, mobile banking apps, physical security, cloud services to rail infrastructure.
What we provide
Responsiveness – We are recognised as being extremely responsive. We can begin an engagement with as little as 24 hours’ notice.
Follow-up – One of the reasons we have such loyal clients is the availability our consultants have for follow-up work.
Ongoing guidance – Once an engagement is over… It’s never truly over, there will always be questions, queries, and advice needed, so we make a point of always being available post engagement.
Our Reputation
The BBC and other new agencies often contact us to comment on the latest cyber news.
We are frequently called upon to provide keynotes at events such as BSides, TED talks, InfoSecurity Europe and the US Chamber of commerce.
We can’t name names, but our clients come from a wide range of verticals and sizes including:
Automotive, Banking, Education, Engineering, Energy, Oil & Gas, FinTech, Government, Healthcare, Manufacturing, Retail, Telco’s, Insurance, Legal, Transport and Finance.
RSA Conference USA 2021
17.05.21
The Internet, United Kingdom
Cybersecure at Sea 2021
18.05.21
The Internet, United Kingdom
EuroSTAR Online 2021
29.09.21
The Internet, United Kingdom
Events, Webinars, Speaking engagements »
Looking for a speaker for your webinar or event?
Peloton’s leaky API let anyone grab rider’s private account data
05 May 2021
App used by emergency services under scrutiny
29 Apr 2021
Running apps still lag behind on privacy and security
21 Apr 2021
‘Drunk’ robot vacuums spark complaints from owners
01 Mar 2021
Could MOL-Chartered Mauritius Oil Spill Ship Wakashio Have Been Hacked?
26 Oct 2020
Security Consulting
A range of security focussed services to address your specific needs.
Incident Response
If you believe you have suffered a security breach contact us now
Automotive & IoT Testing
From the smallest IoT devices to cars and more, the attack surface of the IoT is immense.
Penetration Testing
We have talented CHECK, CREST and Tiger accredited security testers for virtually any scenario, a bold claim but true nonetheless.
Forensics Services
We have years of experience from extensive UK law enforcement criminal investigations.
Maritime Cyber Security Testing
Smart scalable testing for all things maritime and marine.
Vessels, systems, software and hardware, we have it covered.
Suffered a security breach?
Mobile security
Social engineering
Web application testing
CREST STAR & CBEST testing
CREST Cyber Essentials testing
Our people
Being introduced to, and getting to know your tester is an often overlooked part of the process. While our work is über technical we understand that relationships matter.
Meet the Pen Test team »@PenTestPartners
Fitness app déjà vu. @Echelon_Fit PII leak. The vulns were worse than those @FlyingPhishy found in @onepeloton e.g. complete PII disclosure via an IDOR vulnerability affecting their API. Their response wasn't great... Echelon PII Leak and Disclosure Fail pentestpartners.com/security-… pic.twitter.com/NNSbTQX5M0