Breach of private data security

I’ve tried to raise a ticket but it wouldn’t submit; I’ve tried to email Zwift Support but it bounced back telling me that would not be seen by your team. I’ve asked the question under a discussion on ZwiftPower but was ignored. So:

After submitting photo/evidence of weight for a Zwift-organised race (Tour de Bouddica), a couple of riders (my wife one of them) have noticed someone has made changes to their weight settings on ZwiftPower.

This looks like an unauthorised access to personal data by Zwift or the person organising on Zwift’s behalf. And, given their passwords look to have been accessed, this could compromise part or all of their online data (depending on whether they use the same or similar password elsewhere).

The weight change was not made by the riders and it was not made on Zwift itself, only on post-takeover ZwiftPower. Please investigate and let me know who made this unauthorised change, on what grounds they felt they had the right to do so, and who (if anyone) authorised this breach of personal data.

Who was the evidence of weight sent to?

Someone could have hacked zwiftpower or a disgruntled volunteer may have done something. I have heard the some people have been getting unsolicited emails through Zwift as well that could indicate an outside entity.


Unrelated. As I said, this was for a Tour, photograph of weight was required (0.2kg higher than on user’s profile) was sent to Karla Williams, who is organising the event on behalf of Zwift. The very next morning, 0.2kg was added to the rider’s profile weight without authorisation.

This isn’t about the weight, this is about the unauthorised access. How would you feel if you returned home from work and a stranger had replaced a picture on your wall. How did they get in? Who let them in? Am I no longer safe in my own home?

Apart from everything else, there are laws against it, especially here in Europe. I’d like it resolved without taking it to the appropriate authorities.

1 Like

This is concerning. ZwiftPower is not Zwift. We’re under the impression ZP has been ‘taken over’ by Zwift (though we’re already 3-4 days later and still know nothing) but the login credentials are different. It’s not okay for someone at Zwift to access my ZwiftPower account, irrespective of where the site is hosted. And certainly not before they’ve even told me about any changes to who operates/manages it and what that involves in terms of my data.

I don’t think you can change weight on Zwiftpower itself, at least not as a user. You would typically change it in Zwift and it gets send to ZP. Is the weight on Zwift changed as well?


Good point. :laughing: Need more info from the OP as to the sequence of events. Maybe it was just a delay in a change in-game being reflected in ZP?

It’s the same on Zwift but, then again, we can’t change to decimal points (AFAIK). Even if all they did was to change the database settings to Imperial, while displaying metric, it hasn’t happened to the rest of us - if it was part of a ZP rollover, my weight should’ve been automatically changed to 82.1kg… which it hasn’t.

If not the organiser, then Zwift. Whoever, there’s been unauthorised access and ZHQ would be able to find out by whom. Sadly, they’re not responding in other available avenues, so this Forum is the penultimate option

You can change to decimal points in Kg now. An update several months ago allowed for this.

Good to know, thanks. But the question remains, who changed it, if the user didn’t?

Bye Bye beat me to it. I was also going to say that things like some sort of maintenance task on the system could have had some effect on data, intended or not.

So you’re making a huge leap from “some data has changed” to “someone has had unauthorized access to this data”, and then an even bigger one to “passwords have been accessed”.


I’ve been getting tons of spam email since signing up to Zwift :frowning:

I just got an email yesterday that said the “team at zwift” and looked authentic. It was ■■■■ spam. I am not happy at all as this suggests zwift usernames, passwords may be compromised?

1 Like

Weight and other personal details are only changed by the account holder. If the account holder has changed from imperial to metric if can affect weight. See below…

Note: Switching between imperial and metric in Zwift can alter your weight by 0.5kg and height by 2cm. These changes are logged here but should not be considered intentional adjustments by the rider.

The organisers CANNOT change weight. They can ONLY change results if over w/kg category.


I don’t understand why you have really brought this up Mr Baldi. Firstly this is a female tour and you are male. ZHR don’t have a Team in this event that I can see so your member is a guest . The Tour hasn’t started yet so no harm has been done. Unfortunately people sometimes get hacked, and converting pounds to kilograms isn’t straight forward… I find this a little bit rude that you added the name of the Tour and the organiser to this thread. I really do hope the ladies involved have secured their accounts now. I am going to enjoy watching the Tour and thanks for reminding us to all secure or accounts smileOn Mr Baldi
Regards King :crown: