The Latest Pawn in the Warranty Fraud Game? Fitbit Users

With great technology comes great responsibility. This is particularly true when it comes to protecting technology. And with more and more aspects of our lives becoming integrated with our tech, device security must be top of mind. Think about it: the way we bank, the way we work, and even the way we monitor our fitness has moved to our pocket screens. And in many cases, all that’s needed for access is a password.

That means all that stands between you and a cybercrime is a not-so-strong login. In fact, just this week, the problem of weak passwords played a strong role in the latest hacker ploy: a warranty fraud scheme aimed at Fitbit users.

It all began in Fitbit’s customer service department, which started seeing a large number of customer requests come in, demanding replacements for faulty devices. Usually, this would be indicative of some sort of manufacturing error. But further investigation by Fitbit occurred after observing data from customer accounts posted in bulk online.

Now, it turns out this wasn’t a security breach on Fitbit systems at all. Instead, attackers had gotten a hold of users’ credentials, and proceeded to change the emails and passwords associated with the compromised accounts. It gets worse: hackers posed as the customer behind each account in order to take advantage of the product warranty and rake in new, replacement devices.

So, how did the attackers get all these passwords to begin with?

Reports indicate the cause was two-fold: malware infected customer computers and—you guessed it—users having the same password across different online accounts.

While it seems easier than keeping track of multiple logins, using a single password for everything potentially allows cybercriminals an unbelievable amount of access to personal information. The good news is there are password management solutions out there, to help combat the problem of having to remember countless passwords. Still, many of us are creatures of habit, using one ‘master’ login for just about everything we do online.

In light of this wave of warranty fraud, Fitbit plans to implement further safeguards for their users, such as two-factor authentication. However, customers’ poor password habits can still leave the door open to hacks.

This recent example scheme certainly serves as a reminder of just how critical strong, unique passwords are. To keep your private data online safe from being hijacked, here are a few best practices to keep in mind:

Use different passwords across all accounts. After reading through the above, this should go without saying. A complex password is a strong one, containing at least eight characters in length including numbers, symbols and upper and lowercase letters. If remembering multiple passwords isn’t your strong suit, remember that solutions like True Key can help make password management painless. 

Report suspicious activity. If you notice suspicious activity in an online account, change your passwords immediately. If you find yourself locked out of an online account, notify the company. This will minimize damage to your account, and can also let the vendor investigate what could be a bigger issue.

Protect devices from malware. Even if your online accounts are locked down, a malicious attack could leave your device compromised. Use a comprehensive security solution, like McAfee LiveSafe™ , to help protect your digital life.



Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from Internet Security

Back to top