Hackers sock smartphone earpiece star Jawbone

Feb 13, 2013
Jawbone on Wednesday warned users of its earpieces and Jambox speakers that hackers stole names, email addresses and encrypted passwords from accounts used to make the wireless devices smarter.

Jawbone on Wednesday warned users of its earpieces and Jambox speakers that hackers stole names, email addresses and encrypted passwords from accounts used to make the wireless devices smarter.

The San Francisco-based company did not disclose how many MyTalk website accounts were affected, saying that the number was "limited" and that the attack was blocked within hours of breaching its computer system.

"Based on our investigation to date, we do not believe there has been any unauthorized use of login information or unauthorized access to information in your account," Jawbone said in messages emailed to affected users.

Jawbone disabled access to accounts and called on people to reset passwords.

"Of course, just choosing a new isn't enough," Graham Cluley of Sophos firm said in a blog post about the hack.

"You should also ensure that the old password (the one that may now be in the hands of hackers) is not being used by you anywhere else on the internet."

If successful at decrypting stolen password data, hackers could try using it to get into other accounts associated with swiped email addresses, Cluley warned.

"That could be disastrous for if, for instance, you were using the same password on—say—your actual email account," the security blogger wrote.

A MyTalk website lets people customize Jawbone wireless earpieces and speakers with mini-applications or features such as personalized voice notifications.

Explore further: Study: Social media users shy away from opinions

add to favorites email to friend print save as pdf

Related Stories

Password breach spreads beyond LinkedIn

Jun 07, 2012

More websites admitted security breaches Thursday after LinkedIn said some of its members' passwords were stolen, and experts warned of email scams targeting users of the social network. ...

Recommended for you

WEF unveils 'crowdsourcing' push on how to run the Web

9 hours ago

The World Economic Forum unveiled a project on Thursday aimed at connecting governments, businesses, academia, technicians and civil society worldwide to brainstorm the best ways to govern the Internet.

Study: Social media users shy away from opinions

Aug 26, 2014

People on Facebook and Twitter say they are less likely to share their opinions on hot-button issues, even when they are offline, according to a surprising new survey by the Pew Research Center.

US warns shops to watch for customer data hacking

Aug 23, 2014

The US Department of Homeland Security on Friday warned businesses to watch for hackers targeting customer data with malicious computer code like that used against retail giant Target.

Fitbit to Schumer: We don't sell personal data

Aug 22, 2014

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

Aug 22, 2014

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

How much do we really know about privacy on Facebook?

Aug 22, 2014

The recent furore about the Facebook Messenger app has unearthed an interesting question: how far are we willing to allow our privacy to be pushed for our social connections? In the case of the Facebook ...

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

PhyOrgSux
1 / 5 (3) Feb 13, 2013
Of course even 10 million hacked accounts is, after all, "limited". And "hours" is more than enough time to copy nearly any amount of passwords elsewhere.

Would probably be better if trash like Jawbone would not be allowed to harvest account details.
kochevnik
5 / 5 (1) Feb 13, 2013
Crackers, not hackers. That Jawbone doesn't know the difference is more worrying than a minor database breech. Moreover Jawbone shouldn't be keeping passwords but only the hashes. That's the real security problem
PhyOrgSux
1 / 5 (2) Feb 14, 2013
In any case it does not look like those passwords needed to be saved centrally anywhere. Unless Jawbone now plans on providing a service where user can share e.g. music with someone else across the Internet. But sharing your music between your devices in your own home does not necessitate the uploading of passwords to some Jawbone server.