Jawbone on Wednesday warned users of its earpieces and Jambox speakers
that hackers stole names, email addresses and encrypted passwords from
accounts used to make the wireless devices smarter.
The San
Francisco-based company did not disclose how many MyTalk website
accounts were affected, saying that the number was "limited" and that
the attack was blocked within hours of hackers breaching its computer
system.
"Based on our investigation to date, we do not believe
there has been any unauthorized use of login information or unauthorized
access to information in your account," Jawbone said in messages
emailed to affected users.
Jawbone disabled access to accounts and called on people to reset passwords.
"Of
course, just choosing a new password isn't enough," Graham Cluley of
Sophos computer security firm said in a blog post about the hack.
"You
should also ensure that the old password (the one that may now be in
the hands of hackers) is not being used by you anywhere else on the
internet."
If successful at decrypting stolen password data,
hackers could try using it to get into other accounts associated with
swiped email addresses, Cluley warned.
"That could be disastrous
for if, for instance, you were using the same password on say your
actual email account," the security blogger wrote.
A MyTalk
website lets people customize Jawbone wireless earpieces and Jambox
speakers with mini-applications or features such as personalized voice
notifications.