Ultrahuman says hackers accessed customers’ wellness data via internal tool - BERITAJA

Wearable health-tech startup Ultrahuman said hackers gained unauthorized entree to customers’ wellness information aft stealing an employee’s credentials done malware.

On Wednesday, the India-based startup informed affected customers of the incident via email, stating that the breach occurred connected March 27 and progressive a strategy utilized for soul analytics. The institution said it detected the intrusion promptly, took the affected strategy offline, and revoked each access.

Founded successful 2019, Ultrahuman sells smart rings and metabolic health-tracking devices that alteration users to show metrics specified arsenic sleep, activity and recovery. The startup is champion known for its Ring Air, which competes pinch the Oura Ring, and precocious introduced the Ring Pro pinch upgraded sensors and artillery life.

Confirming the incident, Ultrahuman told TechCrunch that the attackers gained entree utilizing credentials stolen from an employee’s malware-infected laptop, resulting successful wellness information belonging to about 0.1% of users being accessed.

Based connected the company’s antecedently reported fig of roughly 700,000 monthly progressive users, that would equate to astatine slightest 700 customers who had their wellness information accessed. Ultrahuman did not conflict this figure, but declined to disclose the nonstop number of customers affected. The institution said nary passwords, costs information, accumulation systems, aliases Ultrahuman Ring devices were compromised.

“Our information alerting systems detected the incident wrong hours, and we closed the vulnerability swiftly,” Ultrahuman CEO Mohit Kumar said successful a connection to TechCrunch.

Kumar added that the startup was notifying regulators and had delayed informing affected users while it audited the afloat scope of the incident and wished what information had been affected.

Ultrahuman declined to stock immoderate specifications connected whether it received immoderate connection from the hackers responsible for the incident, nor opportunity what precisely constitutes “wellness data.” The breach highlights really wellness locator startups, for illustration Ultrahuman and besides Oura, shop users’ information connected their servers successful a measurement that allows their labor — arsenic good arsenic governments and malicious hackers — to entree customers’ wellness data.

The startup said successful an FAQ published connected its website that the threat character obtained “read-only” entree to the affected system. However, the institution declined to corroborate whether its investigation had wished if immoderate customer information was exfiltrated.

Ultrahuman counts Nexus Venture Partners, Steadview Capital, and Blume Ventures among its investors. The startup has raised about $103 million to date, per Tracxn.