Some of the hottest holiday gifts this past season were wearable fitness tracking devices such as the Fitbit, Runtastic Orbit and Mio Fuse. Hackers were apparently paying attention as well, and there have been reports of Fitbit accounts and other wearable technology accounts being compromised. This was not reported as a large-scale breach in which a customer database was hacked. It appears to have been a set of isolated incidents in which customer usernames and passwords may have been purchased on the black market, where stolen account information is often bought and sold.
In the reported cases, the Fitbit identity thieves changed the account information shortly after stealing it. This prevented the true account owners from accessing their accounts. The criminals then used the stolen accounts to request replacement devices under warranty by reporting them as “faulty”. In most cases, the scammers targeted the more expensive Fitbit and wearable hardware. It's also scary to think of the personal health information that may be accessible to anyone who hacks a Fitbit account. Previous articles on the topic have stated that a Fitbit-type device can be hacked in less than 10 seconds.
As reported by Mr. Krebs, Fitbit’s cybersecurity team recently assigned risk levels to incoming requests. He quoted Fitbit’s CSO, Marc Bown, as saying: “If we see an account that was used in a suspicious way or a large number of login requests for accounts coming from a small group of Internet addresses, we’ll lock the account and have the customer reconfirm specific information.” Not surprisingly, Fitbit has plans to introduce two-factor authentication to combat hijacking of Fitbit accounts via the company website.
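The signal described in that quote, many accounts tried from a small group of addresses, can be sketched as a sliding-window detector over login logs. This is an added example, not Fitbit's code: the log format, the /24 IPv4 grouping, the 10-minute window and the threshold of 5 accounts are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

# Constructed sample login log: ISO timestamp, source IP, account, result.
SAMPLE_LOG = """\
2016-01-04T10:00:00 203.0.113.10 alice ok
2016-01-04T10:00:05 198.51.100.7 u01 fail
2016-01-04T10:00:09 198.51.100.7 u02 fail
2016-01-04T10:00:14 198.51.100.9 u03 ok
2016-01-04T10:00:20 198.51.100.9 u04 fail
2016-01-04T10:00:26 198.51.100.12 u05 fail
2016-01-04T10:00:31 198.51.100.12 u06 ok
2016-01-04T10:20:00 203.0.113.10 alice ok
2016-01-04T11:30:00 198.51.100.7 u07 fail
"""

def parse(log):
    """Yield (timestamp, source_ip, account, success) per log line."""
    for line in log.splitlines():
        ts, ip, account, result = line.split()
        yield datetime.fromisoformat(ts), ip, account, result == "ok"

def detect(events, window=timedelta(minutes=10), max_accounts=5, prefix=24):
    """Return {network: accounts_to_lock} for every network that tried more
    than max_accounts distinct accounts inside one sliding window."""
    recent = defaultdict(deque)   # network -> (time, account, success) in window
    to_lock = defaultdict(set)
    for ts, ip, account, success in sorted(events):
        # Group nearby addresses; /24 is an assumed grouping for IPv4 sources.
        net = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        q = recent[net]
        q.append((ts, account, success))
        while ts - q[0][0] > window:      # drop attempts older than the window
            q.popleft()
        if len({a for _, a, _ in q}) > max_accounts:
            # Logins that succeeded from a flagged source are the likely
            # takeovers: lock them and have the owner reconfirm details.
            to_lock[net].update(a for _, a, ok in q if ok)
    return dict(to_lock)

if __name__ == "__main__":
    for net, accounts in detect(parse(SAMPLE_LOG)).items():
        print(net, "-> lock and reconfirm:", sorted(accounts))
```

The lone user logging in twice from 203.0.113.10 is never flagged, and the single late attempt from 198.51.100.7 falls outside the window, which shows why the count has to be per window rather than per day.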