Fitbit accounts targeted by online fraudsters

Online criminals have gained access to "dozens" of Fitbit accounts in the past month, using and changing account information to defraud the company by ordering replacement items using the hacked account users' warranties, reports BuzzFeed News.

According to the report, the fraudsters used leaked email addresses and passwords from third-party websites to access the accounts. In addition to changing account information to order items under users' warranties, the hackers had access to customer data, such as GPS history and biostatistics, like when users would go to sleep, according to the report.

Marc Bown, a senior security engineer at Fitbit, told BuzzFeed News that since the criminals stole emails and passwords from a third-party site, they are "fraudsters" instead of "hackers."

Users whose accounts were attacked told BuzzFeed News they were dissatisfied with FitBit's response to the hacks and the wearable company's scant security policies.

Mr. Bown saidthe company is looking into enhanced security, and acknowledged the existing policies. "It's a fair criticism," he said. "We don't have two-step verification on the site at the moment — it is something we're working on actively."

Fitbit has been the target of data breaches before.In October, a security researcher demonstrated at a conference that Fitbits can be hacked in 10 seconds, claims which Fitbit denies.

Fitbit is seeking a fraud prevention manager at its San Francisco headquarters, according to BuzzFeed News.

More articles on data breaches:

ProPublica launches HIPAA Helper database to search breaches by providers
Stolen laptop prompts breach notification at Texas rehabilitation hospital 
Data breaches in 2016: What can we expect?

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers