
Fitbit security question

ANSWERED

I'd like to know what Fitbit's response is to the data security breach announced by the company earlier this week. How many users were affected, what types of information were taken, and how can we be assured this won't happen again, that our data is private and secure? You get a lot of personal information from our trackers.

 

moderator edit: edited title for clarity

Best Answer
0 Votes
1 BEST ANSWER

Accepted Solutions

@bdaniels04 @mlaccs @emili @Paladin07 We've implemented a security measure to email the original owner of the Fitbit account that the email address has been changed. The email will look like what you see below. A special shoutout to our users in the Community who suggested this!

 

In addition, we ask our users to help prevent this type of activity in the future. We recommend that customers avoid reusing passwords associated with their email address or any other accounts, as this practice leaves them more vulnerable to this type of malicious behavior. For best practices in staying safe online, see: https://www.staysafeonline.org/stop-think-connect/tips-and-advice.

 

You may also wish to make use of services that monitor for “leaked password lists” that include your email address, such as: https://haveibeenpwned.com or https://pwnedlist.com/signup.

 

We take our obligation to safeguard customer personal information very seriously and we are vigilant in identifying, blocking, and addressing this type of malicious, nefarious activity. We have taken steps to address and remediate the issue and secure your account by resetting the email address and password. You’ll need to use the “I forgot my password” link to regain control of your account; see this help page for instructions.

 

I also recommend you check out these help articles for more information: "Can someone take over my account?" and "Is my Fitbit data secure?"

 

[Image: email address changed.png]

Erick | Community Moderator

It's all about the food! What's Cooking?


Best Answer
16 REPLIES

Where is the link to the security breach? I am a bit confused that any of us would be surprised that data was compromised. At this point in the game we should all know that these things happen and we pay nothing to FitBit to secure our data. It is almost like we are all demanding everyone else take responsibility for our actions. Data security is critical but in the case of our FitBit our goal is to SHARE data. Kinda hard to demand both at the same time.

Best Answer
0 Votes

I haven't heard anything either. I do know that any device that runs with Bluetooth is subject to hacking, but nothing specific to Fitbit. Would you please share the link to the story? Thank you, E.

Elena | Pennsylvania

Best Answer
0 Votes

I would also like to know more about this data security breach. I just started using my Surge this week and would like to know when the breach occurred. If there was a breach, I know Fitbit needs to investigate all the facts of the event. However, it isn't right to keep customers/users in the dark here. That will only hurt the brand more. Please be transparent about this matter Fitbit or Sen. Schumer will have a field day with you on Capitol Hill for sure.

Best Answer
0 Votes

@bdaniels04 wrote:

I'd like to know what Fitbit's response is to the data security breach announced by the company earlier this week.


@bdaniels04 please read the articles. This attack is accomplished almost every time as a result of people being sloppy with personal security and having easy passwords or from their computers being breached as a result of common phishing mistakes.

 

Problem is not limited to FitBit and there is really nothing they SHOULD do that is not going to make existing and new customers even more upset. 

 

If you use your device on a regular basis this would not affect you since the bad guys change passwords and open a case for a broken device. If that happened to me I would know within 24 hours.

 

The one hurt is FitBit as they get ripped off. The good news about this attack is the end users have already lost all of their financial and personal information so the value of their steps data is minimal.

 

I am curious, and this is a real question, what do you think FitBit should do? I am thinking refuse support of any kind without some kind of validation (like banks do) but my bet is that upsets a lot of customers and the only part of FitBit who wants to ignore customers is the forums. 🙂

Best Answer
If there was a breach, I know Fitbit needs to investigate all the facts of the event. However, it isn't right to keep customers/users in the dark here. That will only hurt the brand more. Please be transparent about this matter Fitbit or Sen. Schumer will have a field day with you on Capitol Hill for sure.

@Paladin07 There really is nothing for FitBit to be transparent about. The problem they have here is that in the past if you had a failed device they would send you a new one. The result of this set of attacks on end users as a result of end user error is that they will tighten up the return policies.

 

No one cares about how many steps we take.

Best Answer
0 Votes

 

Yes. No one cares about how many steps anyone takes. I agree. However, when you first register the unit and to join this site, you must provide your name, age (DOB), email, etc. And, some users may actually enter more info about themselves if they so choose to do so (e.g. daily diet, weight info. etc.)  And, some units do have the GPS functionality.

 

Regardless of the type of breach and the idiosyncrasies of each, Fitbit has not done a good job of quelling the concerns of customers about data privacy/security, period! Where is their social media team on this as well as their moderators for this site to address the Community's concern and just tell us what happened? Note: The Company's website appears to make privacy/security a big part of their "brand".

 

Furthermore, I find it interesting that Fitbit Community posts (like this one) are searchable on Google and not private to just "the Community". So, we must log-in to access this community. However, anyone can actually read any comment if they are not part of the Community. Some users may not be "creative" with their user names - yet another potential "data point".

Best Answer
0 Votes

Furthermore, I find it interesting that Fitbit Community posts (like this one) are searchable on Google and not private to just "the Community". So, we must log-in to access this community. However, anyone can actually read any comment if they are not part of the Community. Some users may not be "creative" with their user names - yet another potential "data point".


@Paladin07 I suspect we will agree to disagree here. I bought a tool to help with my fitness. You have explained that FitBit is responsible to run everyone's lives from birth to death but have failed to explain why FitBit should be raising prices and awareness to anyone for problems that exist with ANY on-line product or service.

 

To be fair I have friends in the data security industry. They have 100% fake data in their logins and profiles for everything from Facebook to Twitter to mail accounts. They access these accounts from masked IP addresses and it would be hard for anyone to actually find out just who they really are.

 

If you and others are worried about your data then it is not a hard problem to fix.  Delete your account and move on.   

 

It bothers me that you want MY MONEY in the form of higher fees to deal with an issue that is NOT a FitBit problem. Every case of stolen FitBit accounts is due to a security breach at the END USER level.

 

 

Best Answer
0 Votes

At the risk of sounding like a Fitbit Kool-Aid drinker, I read each article and I am not sure how Fitbit is responsible for anything other than continuing to bring to market tools to manage fitness. People use the same password email combos for multiple things. That's what happened here. The only people who were hurt by this was Fitbit, because they sent out tons of devices they didn't have to in an effort to replace ones reported as broken. The fact that someone knows where someone runs or what time they go to sleep: anyone can follow you around for a week and know this too. In this day and age everyone has responsibility for what they put out on the internet every time they join social media, shop, bank, etc. I was a victim of the huge Target debacle; all I did was shop there. Lesson learned, I never went back. If this makes you both uncomfortable, maybe this isn't the right fitness tool for you. Whatever you decide, I hope all goes well.

Elena | Pennsylvania

Best Answer

 

mlaccs, you didn't have to respond to my initial post. So, you move on!

Best Answer
0 Votes

 

I never stated that Fitbit is responsible to run everyone's lives from birth to death.

 

I never mentioned anything about why Fitbit should raise prices on their products. And...

 

It is Fitbit that has made data privacy and security a part of their brand - including on their website.

 

So, Fitbit made privacy and security matters their problem. Why do you think they have hired Washington DC lobbyists on this very issue in the last year? Last year their bill to lobby Congress was $180k based on data from OpenSecrets.org.

Best Answer
0 Votes


thanks Erick!

Elena | Pennsylvania

Best Answer
0 Votes

@emili You're welcome! Always here to help out!

Erick | Community Moderator

It's all about the food! What's Cooking?

Best Answer
0 Votes
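
Added example, not part of the thread and not Fitbit's code: a sketch of the change-of-email notice the moderator describes, combined with a hold on replacement claims that arrive shortly after an email change, which is the pattern posters in this thread describe. The event names, fields and the 14-day window are assumptions, and the events are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed audit events: (timestamp, account, event type, detail).
# The event names and fields are assumptions, not a real Fitbit log format.
EVENTS = [
    ("2024-03-01T09:00:00", "acct-1", "email_changed", "owner1@example.com"),
    ("2024-03-01T09:02:00", "acct-1", "password_changed", ""),
    ("2024-03-02T10:00:00", "acct-1", "replacement_claim", "case-101"),
    ("2024-03-03T08:00:00", "acct-2", "replacement_claim", "case-102"),
    ("2024-01-05T12:00:00", "acct-3", "email_changed", "owner3@example.com"),
    ("2024-03-04T15:00:00", "acct-3", "replacement_claim", "case-103"),
]

HOLD_WINDOW = timedelta(days=14)  # assumed review window, tune to your own data


def review(events, window=HOLD_WINDOW):
    """Return (notices, held_claims) for a stream of account events."""
    notices = []      # (old_address, account): alert sent to the previous address
    held = []         # (case_id, account, old_address): claims needing identity checks
    last_change = {}  # account -> (time of last email change, old address)
    for ts, account, kind, detail in sorted(events):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        if kind == "email_changed":
            # Alert goes to the OLD address: the new one may belong to the intruder.
            notices.append((detail, account))
            last_change[account] = (when, detail)
        elif kind == "replacement_claim" and account in last_change:
            changed_at, old_address = last_change[account]
            if when - changed_at <= window:
                held.append((detail, account, old_address))
    return notices, held


if __name__ == "__main__":
    notices, held = review(EVENTS)
    for old_address, account in notices:
        print(f"notify {old_address}: email on {account} was changed")
    for case_id, account, old_address in held:
        print(f"hold {case_id}: confirm with {old_address} before shipping")
```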