Jawbone, makers of Bluetooth headsets, fitness bracelets, and neat Jambox portable speakers, has warned that hackers managed to break into its systems, and accessed the names, email addresses and encrypted passwords of users.
In an email sent to affected users, Jawbone explained that the hack affected an unspecified number of customers who had registered a MyTALK account (used to customise devices and receive firmware updates).
Jawbone said it had disabled the MyTALK passwords of affected customers, and was keen to emphasise that it did not have any evidence that the hackers had abused the stolen information:
"..we do not believe there has been any unauthorized use of login information or unauthorized access to information in your account."
What remains a mystery, however, is how many Jawbone customers were impacted and just how Jawbone stored the encrypted passwords. For instance, there’s no indication that the hashed passwords were salted to introduce a random factor that would make them significantly harder to crack.
Naturally, some Jawbone customers are concerned and the firm is posting the same terse response from its Twitter account users with questions over and over again:
"The security of our customer’s information is a top priority for us, and we'll continue to work to keep it safe."
A few concerned customers, however, got a more personalised reply:
Impacted Jawbone customers are being asked to reset their passwords.
Of course, just choosing a new password isn’t enough. You should also ensure that the old password (the one that may now be in the hands of hackers) is not being used by you *anywhere* else on the internet.
After all, the bad guys could now try to use your stolen email address and Jawbone password combination to unlock other online accounts. That could be disastrous for if, for instance, you were using the same password on – say – your actual email account!
Users have to get into the habit of always using hard-to-crack passwords, and to obey the golden rule of never having the same password on different websites.
At the time of writing I have been unable to find any official mention on Jawbone’s website about the security breach, although a thread has popped up on their support forum.
If you are a Jawbone user, my advice is to change your password. Make it a strong, hard-to-guess one. And if you had been using your old Jawbone password elsewhere on the net – you are going to need new passwords for those sites too.Follow @gcluley