Hackers accessed wellness data of Ultrahuman users: What to know
What's the story
Ultrahuman, a leading Indian health-tech start-up, has confirmed a major data breach. The company revealed that hackers gained unauthorized access to its customers' wellness data by stealing an employee's credentials through malware. The incident occurred on March 27 and involved a system used for internal analytics. Ultrahuman detected the intrusion quickly, took the affected system offline, and revoked all access immediately.
Incident details
Internal analytics system accessed
In an email sent to affected customers, Ultrahuman detailed the incident. The company said that hackers accessed its internal analytics system by stealing an employee's login credentials from a malware-infected company laptop. This breach led to unauthorized access to wellness data of about 0.1% of its users, which translates to roughly 700 customers based on Ultrahuman's reported figure of around 700,000 monthly active users.
Data protection
No passwords or payment details compromised
Despite the breach, Ultrahuman has assured its customers that no passwords, payment details, production systems, or Ring devices were compromised in the incident. In a statement to TechCrunch, the company's CEO Mohit Kumar said their security alerting systems detected the incident within hours, and they closed the vulnerability swiftly. Ultrahuman is now notifying regulators about this incident while auditing its full scope and determining what data was affected.
Ongoing inquiry
Major concern for wellness tracker start-ups
The company has not revealed if it received any communication from the hackers or what exactly "wellness data" entails. The breach highlights a major concern for wellness tracker start-ups like Ultrahuman and Oura, who store users' data on their servers in a way that makes it accessible to employees, governments, and malicious hackers alike.
Information
Ultrahuman has raised $103 million to date
Ultrahuman has raised around $103 million to date, according to Tracxn. The start-up counts Nexus Venture Partners, Steadview Capital, and Blume Ventures among its investors. Despite this incident, the company continues to operate normally with its Ultrahuman Ring recording accurate wellness information for users.