Ultrahuman informs users of breach, but passwords and payment info are safe

Ultrahuman Confirms Security Breach: User Contact and Fitness Data Affected, Payments Safe

Ultrahuman, a leading name in wearable fitness technology, has confirmed a security incident impacting user data. Founder and CEO Mohit Kumar informed users via email about an unauthorized breach of an internal system. While personal contact and fitness-related information were accessed, the company assures users that sensitive data such as passwords, payment details, and credit card numbers remain secure and unaffected.

Understanding the Ultrahuman Data Breach Incident

The security incident occurred on March 27, 2026, when an unauthorized third party gained read-only access to an internal system used by Ultrahuman for analytics. The company’s security protocols promptly identified the breach, leading to the immediate shutdown of the affected system and revocation of all access. Crucially, the system's design prevented any modification or deletion of data, limiting the scope of the unauthorized access.

Ultrahuman has stated that, to date, there is no evidence suggesting any misuse of the wrongfully acquired user information. This ongoing monitoring aims to ensure that no compromised data appears on public or dark web channels.

What User Information Was Involved?

For affected Ultrahuman users, the compromised dataset included specific categories of information, while other critical data points remained secure.

Information Affected:

• Contact and Account Details: This includes basic user contact information and associated account data.
• Order and Transaction History: Records related to product purchases and service transactions.
• Fitness-Related Data: Some data associated with product usage and purchases, likely general activity or wellness metrics.

Information NOT Affected:

• Passwords: Your account passwords remain encrypted and secure.
• Payment Information: No payment details, credit card numbers, or banking information were accessed.
• Ultrahuman Ring Functionality: Your Ultrahuman Ring continues to operate normally, accurately recording wellness information.

Ultrahuman's Response and Enhanced Security Measures

Following the swift identification of the incident, Ultrahuman took immediate action to mitigate the breach and strengthen its security infrastructure. The company has implemented several key remediation measures:

• Strengthened Access Control Policies: Enhanced policies across all internal systems, including rigorous least-privilege access reviews to ensure employees only have access to necessary data.
• Hardened Endpoint Security: Stricter configuration controls and continuous monitoring have been deployed on all employee devices to prevent future unauthorized access attempts.
• Increased Access Audit Frequency: Regular and more frequent access audits are now conducted across all internal tools.
• Deployed Export-Volume Anomaly Detection: New alerting systems are in place on internal systems to detect and flag unusual data export volumes, providing an early warning for potential breaches.

What Ultrahuman Users Should Do

As a proactive measure and standard practice after any security incident, Ultrahuman advises its users to remain vigilant against potential phishing attempts.

• Be Alert to Phishing: Exercise caution if you receive any unexpected emails, SMS messages, or telephone calls referencing Ultrahuman, your orders, or personal data.
• Treat Urgent Requests with Caution: Be particularly wary of communications that convey a sense of urgency or request you to click on links.
• Ultrahuman Will Not Ask for Sensitive Info: Remember, Ultrahuman will never ask you to confirm your password, payment details, or any other personal information via email or SMS.

For any questions or concerns regarding this security incident, users can contact Ultrahuman directly via email with the subject line "Security Incident."

Contact for Questions: [email protected]

Ultrahuman reiterates its commitment to user security and privacy, asserting that the measures taken are designed to prevent recurrence and continuously earn user trust.

Source