Some of the hottest holiday gifts this past season were the wearable fitness tracking devices such as Fitbit, Runtastic Orbit & Mio Fuse. But apparently the hackers of the world were paying attention as well and there have been reports of Fitbit accounts and other wearable technology accounts being compromised. This was not reported as a breach on a large scale where a customer database was hacked. It appears to have been some isolated incidents where customer usernames & passwords may have purchased on the black market where stolen account information is often bought and sold.
In the reported cases, the Fitbit identity thieves changed the account information shortly after stealing it. This prevented the true account owners from accessing their accounts. The criminals then used the stolen accounts to request replacement devices under warranty by reporting them as “faulty”. In most cases, it was the more expensive Fitbit & wearable hardware that was the target of the scammers. Its also scary to think of the personal health information that may be accessible to anyone who hacks a Fitbit account. Previous articles on the topic have stated that a Fitbit type device can be hacked in less than 10 seconds.
As reported by Mr. Krebs, Fitbit’s cybersecurity team recently assigned risk levels to incoming requests. He quoted Fitbit’s CSO, Marc Bown as saying: “If we see an account that was used in a suspicious way or a large number of login requests for accounts coming from a small group of Internet addresses, we’ll lock the account and have the customer reconfirm specific information.” Not surprisingly, Fitbit has plans to introduce two-factor authentication to combat hijacking of Fitbit accounts via the company website.
Related Fitbit hacking resources:
My name is Jennifer Price and I started StopIdentityFraud.org because internet privacy & security are issues that are extremely important to me. As a private network security consultant, too often do I see the damage that can be caused by identity theft & fraud. It’s my goal to help educate people about id theft and how to better protect themselves against it. Feel free to get in touch with me here or on any of my social media profiles.