Ultrahuman says hackers accessed customers’ wellness data via internal tool

A data breach at Ultrahuman, a wearable ring manufacturer, has exposed customers' wellness data after hackers gained access to an internal tool using stolen credentials. The credentials were compromised when an employee's laptop was infected with malware, allowing threat actors to leverage the internal tool and access sensitive information. This incident highlights the risks associated with insider threats and the importance of robust security measures to protect against malware infections and credential theft. The breach has significant implications, as state-aligned threat activity can raise the stakes from mere criminal activity to geopolitical concerns¹. This shift in motivation can extend the impact of a breach far beyond the initial target, affecting a broader range of stakeholders. The Ultrahuman breach serves as a reminder that companies must prioritize robust security protocols to mitigate the risk of data breaches and protect sensitive customer information, making it essential for practitioners to reevaluate their security strategies.