Wearable ring maker Ultrahuman disclosed a security breach exposing customer wellness data after attackers stole credentials from a malware-infected employee laptop. The incident gave hackers access to an internal tool used to manage user information.
Ultrahuman, a biometric wearable company, confirmed that unauthorized parties accessed customer wellness data through an internal company tool. The breach originated from stolen credentials obtained through malware on an employee's laptop.
The company did not specify the exact scope of affected users or the types of wellness data compromised. Ultrahuman's rings track metrics including heart rate, sleep patterns, and activity levels, suggesting these data points may have been exposed.
The attack highlights vulnerabilities in employee cybersecurity practices. Malware infections on company devices remain a common entry point for data breaches, particularly when credentials are not adequately protected through multi-factor authentication or other security controls.
Ultrahuman has not disclosed the full timeline of the breach or when it was discovered. The company typically provides minimal public information about security incidents until required to disclose them.
The incident follows similar breaches at consumer health and fitness companies, where wearable data has become an increasingly attractive target for attackers. Wellness information can reveal personal routines, health conditions, and behavioral patterns valuable to threat actors.
Users of Ultrahuman's rings are advised to monitor their accounts for suspicious activity and consider changing passwords associated with their accounts. The company has not announced a formal notification campaign or compensation plan for affected customers.
This breach underscores the security challenges facing wearable device makers as they collect and store increasingly sensitive biometric information. Companies in the sector face pressure to balance user privacy with the data collection necessary for their products' core functionality.
Instagram is notifying users whose accounts were compromised during a security breach involving its AI-powered support chatbot. Hackers maintained access to victim accounts even after Meta claimed to have patched the vulnerability.
2026 has seen unprecedented security failures across government and critical infrastructure, including a massive breach of the Department of Government Efficiency database, compromised energy and water systems, and infiltration of an FBI surveillance platform.
Researchers have discovered a method to compromise PCs through speaker hardware, bypassing traditional security measures. The attack exploits audio devices to gain unauthorized access without requiring physical contact with the target machine.
Researchers have demonstrated how artificial intelligence could enable self-propagating worms to spread through computer networks without human control. The proof-of-concept highlights a new category of cybersecurity threat.