Wearable health-tech startup Ultrahuman mentioned hackers gained unauthorized entry to clients’ wellness information after stealing an worker’s credentials by malware.
On Wednesday, the India-based startup knowledgeable affected clients of the incident by way of electronic mail, stating that the breach occurred on March 27 and concerned a system used for inner analytics. The corporate mentioned it detected the intrusion promptly, took the affected system offline, and revoked all entry.
Based in 2019, Ultrahuman sells good rings and metabolic health-tracking gadgets that allow customers to watch metrics comparable to sleep, exercise and restoration. The startup is finest recognized for its Ring Airwhich competes with the Oura Ring, and not too long ago introduced the Ring Pro with upgraded sensors and battery life.
Confirming the incident, Ultrahuman informed TechCrunch that the attackers gained entry utilizing credentials stolen from an worker’s malware-infected laptop computer, leading to wellness information belonging to about 0.1% of customers being accessed.
Based mostly on the corporate’s beforehand reported determine of roughly 700,000 monthly active usersthat may equate to no less than 700 clients who had their well being information accessed. Ultrahuman didn’t dispute this determine, however declined to reveal the precise variety of clients affected. The corporate mentioned no passwords, fee data, manufacturing methods, or Ultrahuman Ring gadgets have been compromised.
“Our safety alerting methods detected the incident inside hours, and we closed the vulnerability swiftly,” Ultrahuman CEO Mohit Kumar mentioned in an announcement to TechCrunch.
Kumar added that the startup was notifying regulators and had delayed informing affected customers whereas it audited the complete scope of the incident and decided what information had been affected.
Ultrahuman declined to share any particulars on whether or not it obtained any communication from the hackers answerable for the incident, nor say what precisely constitutes “wellness information.” The breach highlights how wellness tracker startups, like Ultrahuman and in addition Oura, retailer customers’ information on their servers in a means that enables their workers — in addition to governments and malicious hackers — to entry clients’ well being information.
The startup mentioned in an FAQ published on its web site that the risk actor obtained “read-only” entry to the affected system. Nevertheless, the corporate declined to substantiate whether or not its investigation had decided if any buyer information was exfiltrated.
Ultrahuman counts Nexus Enterprise Companions, Steadview Capital, and Blume Ventures amongst its traders. The startup has raised around $103 million up to now, per Tracxn.
Once you buy by hyperlinks in our articles, we may earn a small commission. This doesn’t have an effect on our editorial independence.
