Jawbone accounts compromised by hackers - personal info accessed, passwords disabled

Filed Under: Data loss, Featured

Jawbone Jambox speakerJawbone, makers of Bluetooth headsets, fitness bracelets, and neat Jambox portable speakers, has warned that hackers managed to break into its systems, and accessed the names, email addresses and encrypted passwords of users.

In an email sent to affected users, Jawbone explained that the hack affected an unspecified number of customers who had registered a MyTALK account (used to customise devices and receive firmware updates).

Email from Jawbone

Jawbone said it had disabled the MyTALK passwords of affected customers, and was keen to emphasise that it did not have any evidence that the hackers had abused the stolen information:

"..we do not believe there has been any unauthorized use of login information or unauthorized access to information in your account."

What remains a mystery, however, is how many Jawbone customers were impacted and just how Jawbone stored the encrypted passwords. For instance, there's no indication that the hashed passwords were salted to introduce a random factor that would make them significantly harder to crack.

Naturally, some Jawbone customers are concerned and the firm is posting the same terse response from its Twitter account users with questions over and over again:

"The security of our customer’s information is a top priority for us, and we'll continue to work to keep it safe."

A few concerned customers, however, got a more personalised reply:

Tweet response from Jawbone

Impacted Jawbone customers are being asked to reset their passwords.

Of course, just choosing a new password isn't enough. You should also ensure that the old password (the one that may now be in the hands of hackers) is not being used by you *anywhere* else on the internet.

After all, the bad guys could now try to use your stolen email address and Jawbone password combination to unlock other online accounts. That could be disastrous for if, for instance, you were using the same password on - say - your actual email account!

Users have to get into the habit of always using hard-to-crack passwords, and to obey the golden rule of never having the same password on different websites.

At the time of writing I have been unable to find any official mention on Jawbone's website about the security breach, although a thread has popped up on their support forum.

If you are a Jawbone user, my advice is to change your password. Make it a strong, hard-to-guess one. And if you had been using your old Jawbone password elsewhere on the net - you are going to need new passwords for those sites too.

, ,

You might like

2 Responses to Jawbone accounts compromised by hackers - personal info accessed, passwords disabled

  1. Trent · 925 days ago

    I just don't understand why there seem to be so many "hackers" out there breaking into other people's property so to speak. I may be in the minority as far as my opinion is concerned, but the laws have to change regardless of borders, so that anyone found guilty in a court of law of doing this kind of thing goes to prison for a long time.

    • David · 925 days ago

      Why do criminals steal? Because they can.
      Getting laws changed in every country in the world? Easier said than done.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley